Monday, February 29, 2016

What is HIPAA and the history behind the law?

Before my project began, I had to learn about a law enforced throughout the medical field (via the U.S. Department of Health and Human Services) and be certified to show that I understand and would follow the law. HIPAA is a law that was put into place in 1996 to protect patients and their information. This privacy law stands for Health Insurance Portability Accountability Act; although the name of the law specifically addresses health insurance providers, this law holds everyone in healthcare accountable to keep the privacy of the patient.

How was patient privacy dealt with before HIPAA?

Before 1996, privacy laws were loose and largely based on the vague, unwritten medical and business ethics of healthcare workers and third-party administrators. In the third century BC, the Hippocratic Oath was initially developed, mainly stating that the first goal of any medical practice is to do no harm to the patient. In 1948, the Declaration of Geneva became a standard among most countries after WWII in response to the inhumane testing done on humans by Nazi Germany. The main basis of the Declaration was the Hippocratic Oath, but the agreement also expanded on ethics regarding privacy, suggesting that doctors should not use patients’ information for publicity or personal gain. The Declaration states, “I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know. Most especially must I tread with care in matters of life and death. Above all, I must not play at God.”

Until 1996, patient privacy in our healthcare system was vastly self-regulated, with the exception of healthcare within the U.S. Armed Forces. Many hospitals and practices had rules centered on ethics that they set and followed, but there was no law that could hold the United States’ healthcare system, as a whole, accountable. In 1996, HIPAA finally set privacy rules and guidelines for the entire United States healthcare system, which largely resembled the Department of Defense’s Privacy Act of 1974.

What is HIPAA?

The Health Insurance Portability Accountability Act of 1996 is the privacy law that everyone who comes in contact with the patient’s personally identifiable information must follow. People and entities like doctors, health insurance providers, and people like me, who sometimes shadow the doctor in the patient’s appointment, are held accountable for following the HIPAA law. We must keep all Private Personal Information secure between the patient and healthcare team. Information we must keep secure includes the patient’s name, address, and social security number. Later in my blog posts, when I write about their story, treatments, and experiences, I must make sure that no one can figure out who I am talking about from the information I present so that I follow HIPAA.

The HIPAA law does not just outline what I can and cannot disclose about the patient. The law also sets guidelines about how Protected Health Information is handled and kept in the system.

HIPAA policies must be upheld by anyone or any entity that maintains, uses, or transfers patient information. HIPAA ensures that patients are told every time their information is requested and requires they give permission every time information is shared. HIPAA also allows patients access to their own health information, and prohibits anyone or any entity from misusing the information or using it against them. Although I am required to know all parts of the law, the main piece that pertains to me and this project is what information is shared and how I present their cases so that the patients’ identity and privacy are preserved.

2 comments:

  1. You said you have to be certified to show you understand and follow HIPAA. What does that certification entail? And how do you go about being certified?

  2. Hi Jess,
    Any talk of a larger database where one could check HIPAA consent?
