Overview of HIPAA

As described in Title 1 -- HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY of the bill, the first objective of HIPAA is to guarantee health insurance coverage to all employees and their families. The major underpinnings of this portion of the legislation are the national standards for availability and portability of both group and individual health insurance coverage. Availability of health insurance is addressed in five major aspects of the policy:

1. Prohibits denial of new coverage for pregnant women, newborns or newly adopted children,
2. Expands availability to small employers (2-50 employees)
3. Offers coverage to persons who have lost their jobs
4. Prohibits exclusion from coverage based upon health status
5. Requires insurers to renew coverage for all employees as long as the premium was paid.

Portability is the second major focus of this policy. Portability implies being able to make health insurance portable and continue coverage of health insurance between employers. Extending COBRA to a broader group of eligible employees and redefining "preexisting health conditions" and putting limits on waiting periods for preexisting conditions accomplish this.

The second objective of this bill (Title II--PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE SIMPLIFICATION; MEDICAL LIABILITY REFORM) is aimed at "accountability" to reduce fraud and abuse in the healthcare system of a national basis. The US. General Accounting Office has estimated that 11 cents of every healthcare dollar is spent fraudulently. To help remedy the problem, HIPAA has established the Fraud and Abuse Control System, which provided the Department of Health and Human Services (DHHS) and the Justice Department more flexibility in pursuing organizations suspected of fraudulent activity.

While HIPAA is intended to assure portability and accountability of health care insurance, many aspects of the law deal specifically with data security and privacy and establish precise standards for electronic data interchange formats. Administrative Simplification (Subtitle F under Title II) was established to further reduce health care costs through its third objective, the implementation of Electronic Data Interchange (EDI). The efficiency of information exchange and processing of administrative and financial transaction between health organizations (payers and providers) can be greatly improved through the use of computer-to-computer interfaces using EDI transaction standards. The final rules for Standards for Electronic Transactions and Code Sets have been published and must be implemented by October 16, 2002. The use of EDI combined with stronger security practices (also called by Administrative Simplification) will improve our health information systems ability to guard against fraud. The final rules for Security and Electronic Signatures Standards are pending.

The fourth objective of HIPAA was the requirement for Congress to enact comprehensive national medical record privacy standards by Aug. 21, 1999. When Congress was unable to enact standards by this deadline, HIPAA required that the DHHS to define rules for the protection of patient information. Publication of the Standards for Privacy of Individually Identifiable Health Information in the Federal Register occurred on December 28, 2000. The rule came into effect April 14, 2001. Full implementation of the rules will be April 14, 2003. This new regulation is intended to protect medical records and other personal health information, in all forms, maintained by health care providers, hospitals, health plans and health insurers, and health care clearinghouses.

Most of the HIPAA mandates were supposed to become effective in February 1998 with compliance required by February 2000. However, there have been extensive and repeated delays in rule development. This was due in part to the governments' attempts to make these complex interrelated set of standards into a realistic and feasible plan. To completely understand the full impact of the law required consultation with various industry groups, public hearings and briefings.

HIPAA has widespread ramifications for all aspects of health care but its consequences will not be apparent until it is fully implemented. Industry experts are projecting the cost of compliance to be in excess of $22 billion over the next 5 years. However, compliance with HIPAA can benefit hospitals that approach it as an investment in productivity and future cost savings instead of as a regulatory burden. Health insurance plans are more widely available and an employee not longer needs to fear being disqualified from coverage based on "preexisting conditions". The security and privacy regulations are also a clear "win" for patients, leading to a secure delivery of private health care information to only those who need the information. The transaction standards will reduce operational expenses and minimize fragmentation. The government costs for administrating Medicare and Medicaid will be reduced.