What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) became effective on July 1, 1997. Initially, the primary goal of HIPAA was to protect an insured person's insurability. Before this law, if an insured person lost insurance coverage for some reason, such as changing jobs, they could be required to prove their insurability before obtaining new coverage. For most people this wasn't a problem; however, for people with chronic health problems or whose health deteriorated while they were covered, it was a serious problem. Such people lived in constant fear of losing their jobs and thereby losing their health insurance. As a result of HIPAA, if a person has been insured for the most recent 12 months, a new insurance company cannot refuse to cover the person or impose a waiting period before providing coverage. HIPAA also offered federal protections to those with pre-existing conditions for the first time. 

It soon became evident that successful HIPAA implementation would require a major upgrade to communications between health care providers, insurance plans and employers. Many security, privacy, and confidentiality issues would also have to be addressed as technology and the means of sharing health information evolved. So, the law was written to include those kinds of mandates, with significant penalties for non-compliance, including monetary fines and criminal penalties such as prison time for serious, intentional privacy or security violations.

Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act as part of the American Recovery and Reinvestment Act (ARRA) of 2009, which made several significant modifications to HIPAA. On January 25, 2013, the US Department of Health and Human Services (HHS) published the Omnibus Final Rule, which implemented changes to HIPAA pursuant to the HITECH Act and the Genetic Information Nondiscrimination Act (GINA) of 2008. The Omnibus Final Rule also made additional changes to the HIPAA regulations. The Omnibus Final Rule became effective on March 26, 2013, and its compliance date was September 23, 2013.

The most well-known aspects of HIPAA now are those created to ensure privacy and security in patients' health information. The information below concerns the aspects of HIPAA designed to protect health information. 

Contact Us:

Office of Internal Controls and Audit Compliance​
Chief Privacy Officer

201 W. Preston Street
Baltimore, MD 21201

410-767-5314 office 

410-333-7194 fax