HIPAA Revisited, Part 1: Privacy vs portability
In the 12 years since the Health Insurance Portability and Accountability Act was enacted, organizations in the United States have gone to great lengths to comply. However, advances in technology are leading to calls for more flexibility in the movement of personal health information.
Responding to heightened concerns about the privacy of individuals' medical and healthcare information, the US federal government in 1996 introduced HIPAA, the Health Insurance Portability and Accountability Act. It empowered the Department of Health and Human Services to develop and manage the methods governing the collection and sharing of personal health information and the mechanisms with which all U.S. healthcare organizations covered under the Act must comply.
So-called covered entities needed to be in compliance with the provisions of the Act by April 14, 2003. As is the nature of introducing new and sweeping changes throughout a huge industry, HIPAA has had unexpected consequences, imposed additional administrative and financial burdens on healthcare organizations of all shapes and sizes, generated misconceptions, and provoked its share of criticism.
