HIPAA History March 3, 2005

HIPAA Ruling Health Insurance Portability Accountability Act Health Insurance Portability Accountability Act Passed by Congress in 1996 Passed by Congress in 1996 Also known as the Kassebaum-Kennedy Also known as the Kassebaum-Kennedy A focus Protecting the Privacy of Patient’s Health Information A focus Protecting the Privacy of Patient’s Health Information Legislation was not introduced and so it was left to Health and Human Services to craft the legislation. Legislation was not introduced and so it was left to Health and Human Services to craft the legislation.

HIPAA Timeline August 21, 1996: Congress enacted the Health Insurance Portability and Accountability Act (HIPAA.) It required the Secretary of Health and Human Services (HHS) to propose standards protecting the privacy of individually identifiable health information by August 21, August 21, 1996: Congress enacted the Health Insurance Portability and Accountability Act (HIPAA.) It required the Secretary of Health and Human Services (HHS) to propose standards protecting the privacy of individually identifiable health information by August 21, September 11, 1997: The Secretary submitted a report to Congress recommending and urging comprehensive privacy legislation by August 21, If Congress failed to act by that date, the Secretary was directed to finalize regulations containing proposed standards relating to the electronic transfer of medical information by February 21, September 11, 1997: The Secretary submitted a report to Congress recommending and urging comprehensive privacy legislation by August 21, If Congress failed to act by that date, the Secretary was directed to finalize regulations containing proposed standards relating to the electronic transfer of medical information by February 21, 2000.

HIPAA Timeline August 21, 1999: Congress was unable to reach consensus on comprehensive privacy legislation. The Secretary of HHS took action to finalize regulations. August 21, 1999: Congress was unable to reach consensus on comprehensive privacy legislation. The Secretary of HHS took action to finalize regulations. October 29, 1999: The Clinton Administration announced proposed rules. October 29, 1999: The Clinton Administration announced proposed rules. November 3, 1999: Proposed privacy standards were published in the Federal Register. November 3, 1999: Proposed privacy standards were published in the Federal Register. January 3, 2000: Initial deadline for the 60-day comment period on proposed privacy standards ends. This deadline was extended to February 17, January 3, 2000: Initial deadline for the 60-day comment period on proposed privacy standards ends. This deadline was extended to February 17, 2000.

HIPAA Timeline August 17, 2000: Transaction and Code Sets Final Rule published. August 17, 2000: Transaction and Code Sets Final Rule published. December 20, 2000: The Secretary released the final regulations setting a compliance deadline of February 26, This deadline was later extended to April 14, December 20, 2000: The Secretary released the final regulations setting a compliance deadline of February 26, This deadline was later extended to April 14, December 28, 2000: Privacy Final Rule published in the Federal Register. December 28, 2000: Privacy Final Rule published in the Federal Register. July 6, 2001: HHS issued first guidance on privacy protections. July 6, 2001: HHS issued first guidance on privacy protections.

HIPAA Timeline December 27, 2001: H.R. 3323, the Administrative Simplification Compliance Act (now known as Public Law ), was signed into law by President Bush. It provided for a one-year extension for complying with the standard transactions and code set requirements. December 27, 2001: H.R. 3323, the Administrative Simplification Compliance Act (now known as Public Law ), was signed into law by President Bush. It provided for a one-year extension for complying with the standard transactions and code set requirements. March 27, 2002: Proposed changes to the privacy standards were published in the Federal Register. March 27, 2002: Proposed changes to the privacy standards were published in the Federal Register. October 16, 2002: Compliance deadline for Transaction and Code Sets unless request for extension and compliance plan filed with DHHS by October 15, October 16, 2002: Compliance deadline for Transaction and Code Sets unless request for extension and compliance plan filed with DHHS by October 15, 2002.

HIPAA Timeline February 20, 2003: Final rule adopting standards for the security of electronic PHI was published in the Federal Register. February 20, 2003: Final rule adopting standards for the security of electronic PHI was published in the Federal Register. April 14, 2003: Compliance deadline for Privacy standards for all covered entities except small health plans. April 14, 2003: Compliance deadline for Privacy standards for all covered entities except small health plans. October 16, 2003: Compliance deadline for Transaction and Code Sets. October 16, 2003: Compliance deadline for Transaction and Code Sets.

HIPAA Timeline April 14, 2004: Compliance deadline for Privacy standards for small health plans with less than $5 million in annual receipts. April 14, 2004: Compliance deadline for Privacy standards for small health plans with less than $5 million in annual receipts. April 21, 2005: Compliance deadline for complying with the standards for security electronic PHI. April 21, 2005: Compliance deadline for complying with the standards for security electronic PHI.

Glossary Look Up Health Insurance Portability and Accountability Act (HIPPA), also known as the Kassebaum-Kennedy law: Milestone legislation passed by Congress and signed into law in It sends a strong message that the federal government wants Americans to plan for their own long- term care protection. The law clarifies tax treatment of qualified long-term care policies. It also includes a provision that makes it a federal crime to willfully dispose of assets to qualify for Medicaid coverage of nursing home and other long-term care services.

HIPAA 3 Parts Privacy Privacy Code Sets Code Sets Security Security

HIPAA Security Administrative Administrative Physical Physical Technical Technical

General Security Requirements Ensure the confidentiality, integrity and availability of all electronic protected health information the covered entity creates receives maintains or transmits. Ensure the confidentiality, integrity and availability of all electronic protected health information the covered entity creates receives maintains or transmits. Protect against any reasonably anticipated threats or hazards to the security of such information. Protect against any reasonably anticipated threats or hazards to the security of such information. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the final HIPAA privacy rule. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the final HIPAA privacy rule. Ensure compliance with the HIPAA security rule by its workforce. Ensure compliance with the HIPAA security rule by its workforce.

Who is effected by HIPAA Covered Entities Covered Entities Healthcare organizations Healthcare organizations Health Plans Health Plans Providers Providers Clearing Houses Clearing Houses Employers Employers Health Care Vendors Health Care Vendors

HIPAA “Another View” Resident Safety Information Security Resident Quality Triad Of Resident Confidence