Without it, workers would have had far fewer consumer protections related to their health benefits.

Preexisting conditions are those you have before applying for health insurance coverage.

Gaps

But there were still a lot of gaps in the protections provided by HIPAA.


In most states, most individual/family health plans were not guaranteed-issue, even for people who were HIPAA-eligible.

And if they did, there were very few federal rules regarding how comprehensive the coverage had to be.

Many of these gaps were filled in by the Affordable Care Act (also known as Obamacare).

Many of HIPAA's health insurance portability and preexisting condition protections were improved or replaced by the ACA.

HIPAA's protection of personal health information is still something that requires compliance from numerous individuals and entities.

Let's take a look at what HIPAA does to protect a person's sensitive medical information.

The regulations created what is known as the HIPAA Privacy Rule.

This rule details how protected health information (PHI) must be safeguarded.

HIPAA Security Rule

The HIPAA Security Rule also stems from Part C of Title II of HIPAA.

The intent is to ensure the confidentiality, integrity, and security of electronic protected health information.

The HIPAA Security Rule applies to health plans, healthcare clearinghouses, and medical providers who transmit PHI electronically.

The Enforcement Rule was initially finalized in 2006.

The Enforcement Rule details how HIPAA Privacy and Security Rule complaints are handled, including potential fines for noncompliance.

These complaints are investigated by the Office of Civil Rights (OCR) or by state attorneys general.

Financial penalties tend to be used for only the most egregious violations.

Lesser violations tend to be resolved with a plan to correct the violation and prevent it in the future.

For the lowest-tier violations, fines are rare.

But for the highest tier, the minimum fine was set at $50,000 per violation.

These amounts have been indexed for inflation.

The maximum penalties have been adjusted downward for lower-tier violations.

In 2021, the inflation-adjusted minimum penalties ranged from $120 to $60,226, depending on the tier.

The annual maximum penalty ranges from a little over $30,000 to more than $1.8 million.

Covered Entities

HIPAA's privacy protections for PHI only apply to covered entities and their business associates.

Covered entities include health plans, medical providers, and healthcare clearinghouses.

There is a long list of entities that are not subject to these rules.

This was beneficial to self-employed people, but HIPAA drastically improved the benefit.

Under HIPAA, up to 750,000 tax-advantaged MSAs could be opened by self-employed people or employees of small businesses.

But the program was quite restrictive, and only about 75,000 accounts were opened.

HSAs can also be used by more people.

Existing Archer MSAs were allowed to remain in place, but no new MSAs were created once HSAs became available.

Although HSAs and MSAs have some key differences, they also share a lot of features.

And HIPAA's creation of MSAs paved the way for today's HSAs.

HIPAA (Title III, Subtitle C) changed that.

These amounts have been indexed annually by the IRS.

Summary

HIPAA was a landmark piece of legislation enacted in 1996.

Those protections were enhanced and expanded upon by the Affordable Care Act.

HIPAA's information privacy rules have been updated numerous times to keep pace with changing technology.

Together, these rules help to ensure that protected health information (PHI) is properly safeguarded.

It can include any information about healthcare services or information that can be used to identify a patient.

HIPAA rules do not apply to anyone who isn't a covered entity or business associate of a covered entity.
