Congress approved the Health Insurance Portability and Accountability Act (HIPAA) to guard the privacy of personal medical information, and to give individuals the right to keep their health insurance coverage for pre-existing conditions in place even if they change jobs. The law has done this, providing important safeguards for patients. But it has also increased the red tape involved in medical care.
Congress passed HIPAA in August 1996, and the U.S. Department of Health and Human Services finalized standards for the electronic exchange, privacy and security of health information in 2002. The rules apply to health plans, health care clearinghouses, and to any health care provider, such as a doctor, who transmits health information in electronic form.
Congress intended HIPAA to protect individually identifiable health information. Any entity, including a physician's office, a hospital or other health care facility, or an insurer, that deals with personal health information must follow strict rules about how to handle that information to avoid disclosing it to someone not authorized to see it. For example, Health and Human Services allows physicians and insurance companies to exchange individually identifiable health information to pay a health claim, but would not allow them to release it publicly. Penalties for violating the regulations include civil fines of up to $50,000 per violation, according to Health and Human Services.
According to Health and Human Services, the privacy rule also requires physicians, hospitals, insurers, and other health care entities to use and disclose only the minimum amount of information needed to complete the transaction or fulfill the request. As a practical matter, for example, that means a physician should not send a patient's entire medical file to an insurer if just one page from the record will suffice to answer the insurer's query.
In addition to protecting patients' privacy, HIPAA also limits the ability of a new employer plan to exclude coverage for pre-existing conditions. This means a person who has health insurance coverage can change jobs -- and therefore health plans -- without worrying that a condition they already have, such as diabetes or asthma, would not be covered under the new health plan. This was not always the case, according to the U.S. Department of Labor. "In the past, some employers' group health plans limited, or even denied, coverage if a new employee had such a condition before enrolling in the plan. Under HIPAA, that is not allowed," the Department of Labor says. HIPAA also prohibits discrimination against employees and their family members based on health histories, previous claims, and genetic information, according to the Department of Labor.
Pros of HIPAA
HIPAA, for the first time, allowed patients the legal right to see, copy, and correct their personal medical information. It also prevented employers from accessing and using personal health information to make employment decisions. And, it enabled patients with pre-existing conditions to change jobs without worrying that their conditions would not be covered under a new employer's health plan.
Cons of HIPAA
However, HIPAA's effects have not all been positive. The regulations increased the paperwork burden for doctors considerably, according to the American Medical Association. HIPAA has spawned a mini-industry of companies and consultants who help medical professionals comply with the law's lengthy provisions. In addition, some professionals who deal with medical paperwork have become overcautious about releasing protected information. For example, some physician's offices now refuse to mail test results, saying patients need to pick them up in person. And some hospitals require physicians to submit written requests on their own letterhead for information on a patient's condition, when the law allows this information to be provided by phone.