Celebrating nearly three decades of protecting patient privacy

The HHS celebrates 28 years of health data protection and advancement in patient privacy. 

What happened 

Twenty-eight years ago, President Bill Clinton signed HIPAA into law. The event introduced reforms in the healthcare sector, primarily focusing on the privacy and security of patient information. 

HIPAA established the first national standards for protecting health records and other personally identifiable health information, whether handled electronically or in other forms. These standards help ensure that personal health information remains confidential and secure, regardless of how it is processed or shared among doctors, hospitals, and insurance companies. 

Over the years, the Office for Civil Rights (OCR) has been actively overseeing and enforcing these rules, continually updating them to tackle emerging challenges like cyber threats, which are more prevalent than ever. Today, HIPAA is about compliance and empowering patients to take control of their health information.

Updates to HIPAA under the Biden-Harris Administrative

1. HIPAA Privacy Rule to support reproductive health care privacy: Introduction of a final rule, fact sheet, and resources to protect privacy in reproductive healthcare.
2. Confidentiality of substance use disorder patient records: Issuance of a final rule and educational materials to safeguard patient records concerning substance use disorders.
3. HIPAA Security Rule risk analysis requirement: Promotional video explaining the necessity of risk analysis to protect electronic health information.
4. Cyber-attack defense: Videos and guidance on using the HIPAA Security Rule to defend against cyber threats.
5. Telehealth privacy and security guidance: Tips for patients on maintaining privacy and security when using telecommunication technologies for telehealth.
6. Education on privacy and security risks: Guidance aimed at helping patients understand the risks related to remote communication technologies.
7. HIPAA recognized security practices: Video explaining the benefits of recognized security practices under HIPAA.
8. Guidance on mobile device security: Advice on how to secure health information on personal mobile devices.
9. HIPAA and reproductive health care disclosures: Guidelines on the disclosures of health information related to reproductive healthcare under the HIPAA Privacy Rule.
10. Audio-only telehealth: Guidance on applying HIPAA rules to audio-only telehealth services.
11. Disclosures for extreme risk protection orders: Information on how PHI can be disclosed for extreme risk protection orders under HIPAA.
12. HIPAA, COVID-19 vaccinations, and the workplace: Guidelines on how HIPAA applies to disclosures related to COVID-19 vaccinations in workplace settings.
13. Enforcement actions: Comprehensive actions including addressing ransomware, phishing, and other threats, emphasizing rigorous enforcement of HIPAA compliance.

What was said

According to Melanie Fontes Rainer, Director of the Office for Civil Rights, “HIPAA is the cornerstone law that advances patient privacy, data protection, and health information security in our nation’s health care system. Importantly, HIPAA, through the HIPAA Rules, empowers patients and consumers to take their own health data into their own hands and instills trust in the patient-provider relationship to allow for better care and outcomes. With the rise of cyberattacks breaching patient privacy, HIPAA is more relevant than ever. OCR continues to prioritize health information privacy by updating and rigorously enforcing the HIPAA Rules that safeguard our national security in the health care system.” 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is HIPAA? 

HIPAA is a law that protects the privacy and security of individual health information in the United States.

What is the Privacy Rule? 

The Privacy Rule sets standards for how PHI should be used and disclosed, ensuring it remains private.

What is the Security Rule?

The Security Rule requires electronic personal health information be kept confidential and secure from unauthorized access.