An In-depth Look at HIPAA, the Privacy Rule and Research
In 1996, the Health Insurance Portability and Accountability Act, commonly known as HIPAA, was passed with the goal of increasing the efficiency and accessibility of health insurance coverage, and establishing minimum federal standards for protecting the privacy of an individual’s identifiable health information.
The Administrative Simplification Provisions
In part a response to the technological advancements that impact the electronic standards for health data, the act was concerned with, among other things, the computerization of patient medical records and the transmission and sharing of patient information. HIPAA's administrative simplification provisions directed the U.S. Department of Health and Human Services to create privacy standards and safeguards for the use of such electronic health care information. As a response, HHS put forward five main rules:
The Unique Identifiers Rule (resulting in the Standard Unique Employer Identifier, the National Provider Identifier and the National Health Plan Identifier).
The HIPAA Privacy Rule (discussed below).
The Transactions and Code Sets Rule (for the uniformity of electronic data exchange transactions when submitting, processing and paying claims).
The HIPAA Security Rule (for the establishment of national standards for the protection of individuals' electronic personal health information* created, received, used or maintained by a covered entity**).
The Enforcement Rule (for the enforcement of the Privacy and Security Rules).