Health Insurance Portability and Accountability Act (HIPAA) (1996)
1) Link to the Text of the Act
Read the statute (42 U.S.C. § 1320d et seq.)
2) Why It Was Done
HIPAA was enacted to improve portability and continuity of health insurance coverage, combat waste and fraud, and protect the privacy and security of patients’ medical information.
3) Pre-existing Law or Constitutional Rights
Before HIPAA, there was no comprehensive federal protection for patient health data. Privacy of medical information was governed by a patchwork of state laws and professional ethics standards.
4) Overreach or Proper Role?
Supporters argue it established critical patient privacy rights. Critics say compliance is complex, costly, and sometimes hinders efficient information sharing among providers.
5) Who or What It Controls
- Health plans, healthcare providers, and clearinghouses (must comply with privacy and security rules)
- Employers (limited access to employee health information)
- Patients (gain rights to access and correct medical records)
6) Key Sections / Citations
- 42 U.S.C. § 1320d-2: Standards for electronic health transactions
- 42 U.S.C. § 1320d-5: General penalties for violations
- HIPAA Privacy Rule (45 C.F.R. Part 160 & Subparts of Part 164)
- HIPAA Security Rule (45 C.F.R. Part 164, Subpart C)
7) Recent Changes or Live Controversies
- Expansion under the HITECH Act (2009) increased penalties and security requirements
- Ongoing debates over electronic health records, patient access, and interoperability
- Controversies over HIPAA’s application during public health emergencies like COVID-19
8) Official Sources