The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) will fundamentally change the way personal health information is used and disclosed. These changes will impact every health care provider and health insurer in the United States, as well as a substantial number of employers.
HIPAA: Portability and Privacy
When HIPAA was first enacted, its initial impact was through its “portability” provisions, which make it easier for employees to continue their health insurance coverage when they lose their jobs or change employers. HIPAA’s new national standards regarding health information and privacy are found in another section of the statute, labeled “administrative simplification.” Before HIPAA, there were few federal standards regarding the privacy of health information. Instead, patient privacy is provided in varying degrees by a patchwork of state laws. HIPAA’s privacy rules, which are scheduled to go into effect in April 2003, will pre-empt state laws that are less protective than HIPAA; however, they will leave in place those state laws that provide greater privacy protections than HIPAA. (The Boston Bar Association’s HIPAA Task Force is currently preparing a comprehensive analysis of HIPAA’s pre-emptive effects on Massachusetts law.)