The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 with the original intent of protecting health insurance information when workers changed or lost their jobs. As the internet evolved in the mid-1990s, HIPAA requirements coincided with the internet revolution and offered an easy, available vehicle to enable the digital exchange of healthcare information.
But the idea of passing individual health records across the public Internet prompted concerns about the privacy and security of patient-identifiable information. Protected Health Information (PHI) and HIPAA rules were further refined to include a security standard for sharing PHI over the Internet. (Authora Inc., 2003) In enacting HIPAA, Congress mandated the establishment of Federal standards for the privacy of patients' identifiable health information.
When it comes to personal information that moves across hospitals, doctors' offices, insurance companies, and state lines, our country has relied on a patchwork of Federal and State laws. Under this patchwork of laws, personal health information could be distributed, without either notice or authorization, for reasons that had nothing to do with a patient's medical treatment or reimbursement. Health care providers have a strong tradition of safeguarding private health information. However, in today's world, the old system of storing paper records in locked filing cabinets is not enough.
With information broadly held and transmitted electronically, the HIPAA Privacy Rule provides clear standards for the protection of personal health information. (Medcenter One Health System, 2003) The HIPAA regulations apply to all communication that is stored or transmitted electronically, or that has been stored or transmitted electronically in the past. Media includes, but is not limited to, computer databases, tapes, disks, telecommunications, fax, Internet and networks.