Vishal, a third-year, pre-med bioengineer, was granted a commission as an officer in the United States Public Health Service stationed in Rockville, Maryland, this past summer. His duties included writing a series of reports regarding health care policies and disparities, environmental and facilities engineering, public health, and telemedicine. The following report has been revised.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is among the most significant of federal health care legislations written in the past few decades. The goals of HIPAA are multifaceted and apply to providers, patients, and federal agencies. HIPAA gives the federal government increased regulatory powers over private health insurance, which had previously been deferred to the states. Though signed in 1996, a tentative timeline of compliance has been set for mid-2003.

This act provides protection for millions of working Americans and their families by increasing their ability to get health coverage with a new job and lowering the likelihood of losing existing coverage when changing jobs (1). Also, guidelines have been set to reduce the burden in purchasing health insurance coverage if one loses coverage under an employer's group health plan with no other health coverage available. Finally, Title I of the act allows for workers who change jobs to retain health insurance coverage under their previous employer's plan.

HIPAA also prevents health coverage providers from using pre-existing condition exclusions, such as denying or incurring additional charges for coverage that is based on past or present poor health (3,5). Most states have already taken measures to eliminate such practices and in certain instances exceed the guidelines set forth by HIPAA. Nevertheless, in order to monitor and implement these guidelines, the Department of Health and Human Services (HHS) has called upon internal federal working groups, external groups of experts, and a federal advisory committee to oversee all actions.

The Administrative Simplification clause, another part of the law, is intended to reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of certain administrative and financial transactions which are currently carried out manually. HHS shall adopt uniform standards for these electronic transactions that will protect the security and confidentiality of medical information. With the full implementation of these guidelines, a savings upwards of nine billion dollars per year in total health care savings is estimated.

The execution of Administrative Simplification raises the question of medical privacy. On December 28, 2000, the HHS added the Final Rule on the Standards for Privacy of Individually Identifiable Health Information to the HIPAA. Compliance is expected in mid-2003. This is remarkable in its intent to protect individual rights. Confidentiality has traditionally been an obligation between the patient and physician. This, however, did not require patient consent for the disclosure of information among other health care providers (4). HIPAA now requires written patient consent prior to the use or disclosure of information for treatment, payment, or health care operations. It also allows for those needing patient information immediate access once the information is released.

The Patient Privacy Rule gives patients greater access to their own medical records and more control over how their personal information is used. Most importantly, the Privacy Rule requires the identification and classification of the persons within health care organizations needing access to protected information, establishment of policies and procedures for use and disclosure of information for routine situations or transactions (4). The Guidance clarifies that a patient's entire medical record can be released for treatment purposes if it is the minimum necessary data and consent has been granted (2). This availability of medical records for treatment purposes allows for faster patient treatment. It should be noted that the revised Patient Privacy Rules still allows for health care providers to discuss treatment-oriented matters with each other at nursing stations, on the phone when appropriate, in joint treatment areas, and during training rounds.

HIPAA will not necessarily bring about revolutionary changes but it does more clearly define and regulate currently adopted standards and customs. Since most states have already adopted legislation for small business health insurance policies, it seems unlikely that HIPAA will drastically change the current health care situation of the United States. It remains key to note that HIPAA only addresses insurance abuses, not the costs associated with health insurance.