The Health Insurance Portability and Accountability Act, or HIPAA, was a piece of legislation passed by the US government in 1996. It served two main functions: to give greater coverage and protection to people with health insurance through their employers and to create more privacy protection for medical records. As such, it is widely viewed as a piece of consumer protection legislation designed to preclude problems with health insurance and access to medical records.
For most consumers, the most noticeable benefit of the Health Insurance Portability and Accountability Act was the amendment to the Employee Retirement Income and Securities Act (ERISA). The amendment dealt with pre-existing conditions, which are medical illnesses, diseases or conditions that a person already has when he applies for insurance. Previously, some employers and/or insurance companies limited people from being covered for these pre-existing conditions for a long period, or even indefinitely. For example, a person with diabetes who wished to sign up for the employee health plan at a new job may be precluded from getting coverage under the plan for her diabetes, since she had the diabetes before signing up for the plan.
Under new rules set forth by the Health Insurance Portability and Accountability Act, coverage for the pre-existing condition can be limited only for a 12-month period. If the person already had insurance coverage before enrolling in the new health plan through an existing insurance policy that he bought himself or had through his previous employer, this pre-existing coverage limitation is reduced even further depending on how long he had coverage. Even for people with no previous coverage who don’t enroll in their employer’s plan until after the regular deadline has passed (i.e. late enrollees) the maximum time period that a company can exclude pre-existing conditions under the Health Insurance Portability and Accountability Act amendment is 18 months.
The Health Insurance Portability and Accountability Act also ensured more patient privacy. Only the patient can have access to his or her medical records under the rules, and insurance companies, doctors offices and others that keep medical records are required to take strict steps to secure the information against unauthorized access. This includes appointing an individual to be in charge of security, restricting access to medical records, and reporting any security breaches promptly. Specific provisions were also put in place for the electronic storage of medical records, stipulating that computer security measures be taken and that access to the computers on which medical records are stored be strictly limited to authorized personnel only.