Analyzing HIPAA's Vast Impact

Journal of AHIMA looks back at the first decade of landmark law

When the Health Insurance Portability and Accountability Act (HIPAA) regulation initially went into effect, it generated significant skepticism, confusion, and even angst on the part of the industry. Ten years after implementation, HIPAA is poised to enter its second decade with confident enforcement powers and a renewed mission to protect patient privacy and security. The tumultuous first 10 years of HIPAA are reviewed in the April Journal of AHIMA cover story "HIPAA Turns 10."

Author Daniel J. Solove, the John Marshall Harlan Research Professor of Law at George Washington University Law School, traces the law's long road, from its genesis in 1996 to the lengthy rule-making process that extended into the early 2000s.

"AHIMA has been at the forefront of helping HIM professionals and the healthcare industry implement and adopt the HIPAA regulations," said AHIMA CEO Lynne Thomas Gordon, MBA, RHIA, CAE, FACHE, FAHIMA. "As consumers become increasingly aware of their health information and seek the ability to access it, we will continue to strike a balance between ensuring that information is private and secure and making sure it is available for patient care."

Solove describes how the government's position with regard to enforcement evolved over the years. "In the first two years of the regulation, despite more than 13,000 privacy complaints, no civil enforcement actions were brought by the HHS' Office for Civil Rights (OCR), the entity responsible for civil enforcement of HIPAA," the article notes. The law acquired more teeth with the establishment of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, and OCR began to ratchet up HIPAA enforcement in dramatic fashion, with higher fines and penalties for violations.

In January, after years of industry anticipation, HHS issued the final regulation implementing the HITECH Act's HIPAA modifications. Industry experts say that these changes will usher in a new level of compliance.

In a sidebar, "HIPAA Mighty and Flawed," Solove examines the regulation's wide-reaching impact on the healthcare industry. "HIPAA really has made a difference. Even when it didn't change the law dramatically, the amount of awareness to health privacy and security it has brought--and the amount of compliance it has engendered--has been substantial," the article says.

Also in this issue

The April issue of the Journal of AHIMA also includes:

• A look at how, with the HITECH-HIPAA Privacy Rule finalized, HIM professionals have found answers to many questions regarding how to handle access to a deceased patient’s protected health information.
• A new practice brief details best practices for ensuring the privacy and security of occupational health records. A variety of issues are related to these records, which have presented challenges in the face of increasing regulatory compliance directives and technological advances.

Read these articles and more in the April issue of the Journal of AHIMA or online at journal.ahima.org.

About AHIMA
Celebrating its 85th anniversary this year, the American Health Information Management Association (AHIMA) represents more than 67,000 educated health information management professionals in the United States and around the world. AHIMA is committed to promoting and advocating for high quality research, best practices and effective standards in health information and to actively contributing to the development and advancement of health information professionals worldwide. AHIMA’s enduring goal is quality healthcare through quality information. For more information, visit www.ahima.org.