Health Insurance Portability and Accountability Act (HIPAA)

📌 Link to the Text of the Act

Read the statute (42 U.S.C. § 1320d et seq.)

📌 Why It Was Done

HIPAA was enacted to improve portability and continuity of health insurance coverage, combat waste and fraud, and protect the privacy and security of patients’ medical information.

📌 Pre-existing Law or Constitutional Rights

Before HIPAA, there was no comprehensive federal protection for patient health data. Privacy of medical information was governed by a patchwork of state laws and professional ethics standards.

📌 Overreach or Proper Role?

Supporters argue it established critical patient privacy rights. Critics say compliance is complex, costly, and sometimes hinders efficient information sharing among providers.

📌 Who or What It Controls

• •
  Health plans, healthcare providers, and clearinghouses (must comply with privacy and security rules)
• •
  Employers (limited access to employee health information)
• •
  Patients (gain rights to access and correct medical records)

📌 Key Sections / Citations

• •
  42 U.S.C. § 1320d-2: Standards for electronic health transactions
• •
  42 U.S.C. § 1320d-5: General penalties for violations
• •
  HIPAA Privacy Rule (45 C.F.R. Part 160 & Subparts of Part 164)
• •
  HIPAA Security Rule (45 C.F.R. Part 164, Subpart C)

📌 Recent Changes or Live Controversies

• •
  Expansion under the HITECH Act (2009) increased penalties and security requirements
• •
  Ongoing debates over electronic health records, patient access, and interoperability
• •
  Controversies over HIPAA’s application during public health emergencies like COVID-19

📌 Official Sources

• •
  U.S. Code – Title 42, § 1320d et seq.
• •
  HHS – HIPAA for Professionals
• •
  HHS – Your Rights Under HIPAA