HIPAA History

HIPAA refers to the federal Health Insurance Portability and Accountability Act of 1996.

August 1996 HIPAA passes Congress with the goal of modernizing the flow of healthcare information.
December 2000 The U. S. Department of Health and Human Services (HHS) finalizes the HIPAA Privacy Rule; it becomes the first ever federal healthcare information privacy law.
April 2003 HSS establishes the HIPAA Security Rule, setting national standards to protect individuals’ electronic personal health information.
2008 The Office for Civil Rights (OCR) comes under fire for lack of enforcement. By 2008, more than 33,000 complaints had been filed with OCR. While 5,600 investigations led to corrective action, no fines were imposed.
February 2009 The Health Information Technology for Economic and Clinical Health (HITECH) Act becomes law to promote the adoption and meaningful use of health information technology.
2009 OCR ratchets up enforcement; issues some entities fines exceeding $1 million for privacy breaches.
January 2013 HSS releases a HITECH’s HIPAA Modification Rule to strengthen privacy and security protection for personal health information and mandates enforcement.
For a full history of HIPAA, download HIPAA Turns 10: Analyzing the Past, Present, and Future Impact, by Daniel J. Solove, the John Marshall Harlan Research Professor of Law of George Washington University Law School. The article appeared in the Journal of the American Health Information Management Association in April 2013.

Upcoming Events

10 Steps to Compliance