HIPAA Requires Changes Due To American Recovery Act

The Recovery Accountability and Transparency Board is the office that manages the funding and operating agreement of the American Recovery and Reinvestment Act of 2009, the bill signed into law by President Barack Obama. The American Recovery Act has two goals:

Prevent and detect waste, fraud, and abuse.
Provide transparent reporting of Recovery-related funds as they are distributed and used.

Within this context, funding has been set aside from this act to reinvest in the Health Insurance Portability and Accountability Act (HIPAA). “The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service.” The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

The Privacy Rule took effect on April 14, 2003, with a one-year extension for certain “small plans”. The HIPAA Privacy Rule regulates the use and disclosure of certain information held by “covered entities” (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.)[10] It establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.[11] This is interpreted rather broadly and includes any part of an individual’s medical record or payment history.

As the US Senate begins the arduous task of debating the current Stability and Security Plan For All Americans, hospitals, managed care organizations, physician offices and public health offices must contend with the implementation of electronic health records (EHR). Due to recent privacy breaches at the Department of Veterans Affairs and other institutions, health care organizations must reassess and mitigate potential security breaches to their respective electronic data exchanges. Moreover, since HIPAA legislation was introduced, the costs of compliance have been significant for hospitals and other health care providers. It has also been suggested by a number of privacy watch groups that health care organizations should install encryption devices to protect mail systems, clinical exchanges, and home-based work. Through the American Recovery and Reinvestment Act, funding will be available to accomplish this goal.


White House. [Online]. Track the money. Retrieved from http://www.recovery.gov/Pages/home.aspx on September 22, 2009.

Centers for Medicare and Medicaid Services. [Online]. Health Insurance Portability and Accountability Act of 1996. HHS Security Standards; Final Rule: 45 CFR Parts 160, 162, and 164.

The White House. [Online]. The Obama Plan: Stability and Security Plan For All Americans. Retrieved from http://www.whitehouse.gov/assets/documents/obama_plan_card.PDF on November 22, 2009.

Health Data Management. (2009). Breach Rules Require New Look at HIPAA. Health Data Management; November (2009) 16.

