The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted August 21, 1996. Title I of the Act seeks to protect individual rights to health insurance coverage during events such as changing or losing one’s job, pregnancy, moving, divorce, etc. HIPAA Title I additionally provides rights and protections for employers when obtaining and renewing health coverage for their employees. Title I has already been implemented. It is HIPAA Title II that this project and charter address.
Title II of HIPAA includes the Administrative Simplification Act, which requires improved efficiency in healthcare delivery by standardizing electronic data interchange (EDI) and mandating the protection of patient confidentiality (privacy) and the security of health data through the setting and enforcing of standards. HIPAA Title II requires:
- Standardization of electronic patient health, administrative, and financial data
- Unique identifiers for employers, health plans, and health care providers
- Standards protecting the confidentiality (privacy) and integrity of “individually identifiable health information”
All healthcare organizations are affected by HIPAA. This includes health care providers regardless of size, health plans, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, etc.
Sanctions for non-compliance with HIPAA can be both civil and criminal. Fines range from $100 per violation up to $25,000 for multiple violations of the same standard in a calendar year. Additionally, there are fines up to $250,000 and/or imprisonment of up to 10 years for intentional misuse of individually identifiable health information.
With the passage of the American Recovery and Reinvestment Act of 2009 (ARRA), penalties may range from $100 to $1,500,000. These penalties may be assessed against individuals and HIPAA covered entities. Included in the ARRA was a civil right of action not previously allowed.