News and Events
Celebrating 25 Years of HIPAA
Published: Aug. 25, 2021
It’s the 25th anniversary of the Kennedy-Kassebaum Act, also known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)! HIPAA was signed into law on Aug. 21, 1996, by President Bill Clinton. Originally promoted as a health insurance continuity and portability measure for workers losing or changing jobs, HIPAA also authorized the Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of personal health information (PHI) and electronic health or medical records.
Over the past two and a half decades, three goals have remained constant: preserving the confidentiality, integrity and availability of the patient’s protected health information. The following are key dates in HIPAA history.
April 2003: HIPAA Security Rule (Administrative-Physical-Technical)
Requires all covered entities to allow patients access to their health information on request while limits are placed on how, when and to whom health records can be disclosed
March 2006: HIPAA Breach Enforcement Rule
Office of Civil Rights (OCR) starts issuing financial penalties to any covered entity that fails to implement the requirement of the HIPAA Privacy and Security Rule
September 2009: Health Information Technology for Economic and Clinical Health (HITECH) Rule
Introduces incentives to improve information technology infrastructure and to encourage the use of electronic health records (EHR) systems
September 2009: Breach Notification Rule
Requires covered entities to report data breaches to the OCR and notify potential victims of incidents that exposed their personal and health information
March 2013: Omnibus Rule
Breach notification rules are updated, and business associates can be held liable for breaches and certain HIPAA violations
What will the next 25 years bring in the life of HIPAA? The answer remains to be seen.
The legal and compliance department will continue to focus on identifying ways to educate and train employees on how to mitigate privacy risk. One way is to be familiar with the following key privacy policies. These policies will guide you during decision-making to ensure you are consistent.
- Accessing your own medical records
- Accounting of disclosures
- Breach notification
- Minimum necessary
- Patient confidentiality
- Patient request to restrict uses and disclosures of PHI and alternative methods of communication
- Patient’s right and responsibility
You can find additional information regarding mitigating privacy risk at our newly revised HIPAA page: http://mhsintranet/Main/HIPAA.aspx
As we continue to improve our privacy program, please submit program enhancement ideas, training suggestions or privacy concerns to the health system privacy officer at email@example.com. You have until Tuesday, Aug. 31. Your input is important. To celebrate HIPAA’s birthday, we have three $25 gift cards for anyone who submits information. The gift cards will be drawn at random.
Report any compliance or privacy concerns by clicking here. Or, on the NMHS intranet, go to Resources > Compliance. Reports may also be made anonymously by calling the MHS Compliance Reporting Hotline at 877-640-0005 (English) or 800-216-1288 (Spanish).
Contact MHS Privacy Officer Anita Patterson, MS, at (402) 354-6863 or firstname.lastname@example.org.