|HIPAA passes Congress with the goal of modernizing the flow of healthcare information.
|The U. S. Department of Health and Human Services (HHS) finalizes the HIPAA Privacy Rule; it becomes the first ever federal healthcare information privacy law.
|HSS establishes the HIPAA Security Rule, setting national standards to protect individuals’ electronic personal health information.
|The Office for Civil Rights (OCR) comes under fire for lack of enforcement. By 2008, more than 33,000 complaints had been filed with OCR. While 5,600 investigations led to corrective action, no fines were imposed.
|The Health Information Technology for Economic and Clinical Health (HITECH) Act becomes law to promote the adoption and meaningful use of health information technology.
|OCR ratchets up enforcement; issues some entities fines exceeding $1 million for privacy breaches.
|HSS releases a HITECH’s HIPAA Modification Rule to strengthen privacy and security protection for personal health information and mandates enforcement.