Chapter 8: Medical Privacy

HIPAA Origins and Purpose

HIPAA became law in 1996 to improve health care efficiency, requiring electronic reimbursement formats for Medicare and Medicaid. Recognizing the privacy risk of going electronic, Congress directed HHS to issue privacy and security rules.

Before 1996 the U.S. had no comprehensive medical privacy law. HIPAA became law in 1996, and by the early 2000s its privacy and security rules were in effect, later updated most notably by the HITECH Act of 2009.

HIPAA's initial goal was efficiency, not privacy. It required entities receiving Medicare and Medicaid payments to shift reimbursement requests to electronic formats. Recognizing this created privacy and security risk, Congress required HHS to promulgate protective regulations.

Key terms - quick answers

What is “HIPAA”?

The Health Insurance Portability and Accountability Act of 1996, the principal U.S. medical privacy and security law.

What is “HHS”?

The U.S. Department of Health and Human Services, which promulgates and enforces HIPAA's privacy and security regulations.

← Health Information Is Protected Differently by Setting PHI and ePHI Defined →