History of Health Information Technology in the U.S. History of Privacy and Security Legislation Lecture a – Background of HIPAA This material Comp5_Unit10 was developed by The University of Alabama Birmingham, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 1U24OC000023

Comp5 Unit10a Lecture Slides


Page 1: Comp5 Unit10a Lecture Slides

History of Health Information Technology in the U.S.

History of Privacy and Security Legislation

Lecture a – Background of HIPAA

This material Comp5_Unit10 was developed by The University of Alabama Birmingham, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 1U24OC000023

Page 2: Comp5 Unit10a Lecture Slides

History of Privacy and Security Legislation

Learning Objectives

• Explain the differences among the terms privacy, confidentiality and security

• Discuss the reasons why the administrative simplification provisions were attached to the original HIPAA legislation.

• Explain the five principles underlying the HIPAA privacy and security rules

• Discuss the reasons why the privacy rule was an action of the executive, not the legislative, branch of the federal government

Health IT Workforce Curriculum Version 3.0/Spring 2012

History of Health Information Technology in the U.S. History of Privacy and Security Legislation

Lecture a

Page 3: Comp5 Unit10a Lecture Slides

Definitions

• Privacy
• Confidentiality
• Security


Page 4: Comp5 Unit10a Lecture Slides

Definitions

• Privacy
– The right to be left alone
– The right to keep personal information secret
– The right to control personal information


Page 5: Comp5 Unit10a Lecture Slides

Definitions

• Privacy
– The right to be left alone
– The right to keep personal information secret
– The right to control personal information
• Confidentiality
– Sharing or disseminating data only to those with a “need to know”


Page 6: Comp5 Unit10a Lecture Slides

Definitions

• Privacy
– The right to be left alone
– The right to keep personal information secret
– The right to control personal information
• Confidentiality
– Sharing or disseminating data only to those with a “need to know”
• Security
– Mechanisms to assure the safety of data and systems in which the data reside


Page 7: Comp5 Unit10a Lecture Slides

HIPAA
Health Insurance Portability and Accountability Act

Kennedy-Kassebaum bill (1996)
Public Law 104-191
Administrative Simplification and Privacy Provisions


Page 8: Comp5 Unit10a Lecture Slides

HIPAA
Health Insurance Portability and Accountability Act

Kennedy-Kassebaum bill (1996)

Improve efficiency of healthcare
Standards for electronic transmission of healthcare information


Page 9: Comp5 Unit10a Lecture Slides

HIPAA
Health Insurance Portability and Accountability Act

Kennedy-Kassebaum bill

Improve efficiency of healthcare

Privacy of information must be assured
Deadline (8/1999) for Congress to pass privacy/confidentiality legislation
• Defaults to Secretary of HHS to propose rule
• Secretary of HHS must report to Congress in 1997 on approach


Page 10: Comp5 Unit10a Lecture Slides

Privacy and Confidentiality Pre-HIPAA

• No national law for privacy/confidentiality of health information prior to HIPAA
• Privacy Act of 1974
– Protected information held by the federal government
• Joint Commission (accrediting agency for healthcare organizations)
– Information management standards include protection of confidential information
• “Patchwork” of state laws


Page 11: Comp5 Unit10a Lecture Slides

State Laws

• No comprehensive set of laws for access or disclosure
• Condition-specific rules varied by state


Photo by Omaopio

Page 12: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries
• Security
• Consumer Control
• Accountability
• Public Responsibility

Source: (Shalala, 1997)


Page 13: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries


Photo by airunp

Page 14: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries
• Security


Page 15: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries
• Security
• Consumer Control


Photo by Win Henderson/FEMA

Page 16: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries
• Security
• Consumer Control
• Accountability


Photo by Daderot

Page 17: Comp5 Unit10a Lecture Slides

Principles Underlying HIPAA Privacy and Security Rules

• Boundaries
• Security
• Consumer Control
• Accountability
• Public Responsibility


Page 18: Comp5 Unit10a Lecture Slides

HIPAA 1998 – Present

• Controversies in privacy debate
• Floor or ceiling/floor

Source: (HHS, 1999)


Photo by Jesse Loughborough

Page 19: Comp5 Unit10a Lecture Slides

HIPAA 1998 – Present

• Controversies in privacy debate
• Floor or ceiling/floor
• Patient consent restrictions


Page 20: Comp5 Unit10a Lecture Slides

HIPAA 1998 – Present

• Controversies in privacy debate
• Floor or ceiling/floor
• Patient consent restrictions

• Congress failed to pass privacy legislation


Page 21: Comp5 Unit10a Lecture Slides

HIPAA 1998 – 2009

• Controversies in privacy debate
• Floor or ceiling/floor
• Patient consent restrictions
• Congress failed to pass privacy legislation
• DHHS Privacy Rule Proposed – Fall, 1999
• Over 50,000 comments received

Source: (HHS, 1999)


Page 22: Comp5 Unit10a Lecture Slides

Privacy and Security Rules

• Final Privacy Rule Published – December, 2000
– Modified several times
– Went into effect in April, 2003
• Security Rule – 2005
• Other changes over the years
• Major changes in 2009 as a result of HITECH


Page 23: Comp5 Unit10a Lecture Slides

History of Privacy and Security Legislation

Summary – Lecture a

• Differences among the terms privacy, confidentiality and security
• Background of the administrative simplification provisions in the original HIPAA legislation
• Five principles underlying the HIPAA Privacy and Security Rules
• Passage of HIPAA Privacy and Security Rules


Page 24: Comp5 Unit10a Lecture Slides

History of Privacy and Security Legislation

References – Lecture a


References

• HHS announces proposed electronic medical records privacy regulations. Tech Law Journal [Internet]. 1999 Oct 30. Available from: http://www.techlawjournal.com/privacy/19991030.htm

• Testimony on Health Insurance Portability and Accountability Act by the Honorable Donna E. Shalala Secretary, U.S. Department of Health and Human Services, before the Senate Committee on Labor & Human Resources. 1997 Sep 11. Available from: http://www.hhs.gov/asl/testify/t970911a.html

Images

Slide 11: Omaopio. Available from: http://commons.wikimedia.org/wiki/File:Vintage_aloha-shirt-quilt.JPG.

Slide 13: Airunp. Available from: http://commons.wikimedia.org/wiki/File:Gran_muralla_badalig_agosto_2004JPG.jpg.

Slide 14: Available from: http://commons.wikimedia.org/wiki/File:US_Secret_Service_officers.jpg.

Slide 15: Win Henderson/FEMA. Available from: http://commons.wikimedia.org/wiki/File:FEMA_-_16868_-_Photograph_by_Win_Henderson_taken_on_10-06-2005_in_Louisiana.jpg.

Slide 16: Daderot. Available from: http://commons.wikimedia.org/wiki/File:Oblique_facade_1,_US_Supreme_Court.jpg.

Slide 17: Available from: http://commons.wikimedia.org/wiki/File:Scale_of_justice_gold.png.

Slide 18: Jess Loughborough CC BY-NC-ND 2.0. Available from: http://www.flickr.com/photos/sunface13/3650126198.