Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act of 1996 called for many changes in health care. Finalized federal regulations (called HIPAA Privacy Regulations) became effective as of April 14, 2003. These regulations require that we take extra precautions to protect personal health information (PHI). Care1st Health Plan has taken the necessary precautions to protect PHI. This is reflected through various means, including (but not limited to) developed policies and HIPAA-related training to assist our staff, as well as providers, companies and facilities we work with.

Another reason Congress enacted HIPAA was to improve the efficiency and effectiveness of health care delivery (administrative simplification). HIPAA established national standards for this, including:

  • Electronic health care transactions / Transaction Code Sets.
    • These provisions require that health plans and health care payors follow requirements established by the federal government regarding health care billing and reimbursement. This is crucial in light of increased electronic data exchange involving providers, clearinghouses and health plans and other business associates. Examples:
  • Unique identifiers, such as a National Provider Identifier (NPI)
  • Security

Congress enacted two additional laws to amend HIPAA by adding more requirements and revising some provisions. These changes include streamlining efficacy through administrative simplification.

Health Information Technology for Economic and Clinical Health Act (HITECH) - a provision of the American Recovery and Reinvestment Act of 2009 (ARRA)

  • criminalized some HIPAA violations committed through willful neglect
  • limitations on the sale of PHI
  • stronger individual rights to access electronic medical records
  • more restrictions on disclosure of certain information
  • increased civil fines for HIPAA violations
  • breach notification applicability to covered entities & business associates


The Patient Protection and Affordable Care Act of 2010 (ACA) includes additional and revised provisions that require:

  • Operating rules for each of the HIPAA transactions
  • A unique, standard Health Plan Identifier (HPID)
  • Standards for electronic funds transfer and electronic health care claims attachments
  • Health plans to certify compliance with the standards and operating rules
  • Penalties for health plans that are non-compliant and for failing to certify compliance with applicable standards and operating rules.

Additional Information

Health & Human Services Office of Civil Rights (OCR)
If you have questions or concerns about HIPAA in your office, visit the Department of Health Services, Office of Civil Rights website.

  • Or call OCR’s toll-free number at: 1-866.627.7748