Resources

important hipaa milestones

HIPAA Timeline

The Health Insurance Portability and Accountability Act of 1996 was introduced to improve health insurance coverage for workers changing employment and set standards for the privacy and security of health information and electronic transactions.  The Act has been instrumental in ensuring the privacy of Americans is better protected. There have been numerous updates to the legistation over the years to increase privacy protections and healthcare data security.  This infographic shows the key milestones in the history of HIPAA.

2019-10-23
OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has imposed a civil money penalty of $2,154,000 against Jackson Health System (JHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules between 2013 and 2016.

2017-06-16
OCR Issued Guidance on Cloud Computing

Cloud Service Provider  that are used to create, receive, maintain, or transmit ePHI, are considered Business Associates

2013-09-23
Full Compliance With Omnibus Rules

Now must fully comply with Omnibus Rules

2013-03-25
Omnibus Rule Goes Into Effect

Omnibus Rule goes into effect and healthcare industry given 6 months to fully comply

2013-01-17
Final HIPAA Omnibus Rule Effective

The HHS releases the Omnibus Final Rule.  This rule includes changes to HIPAA from the HITECH Act of 2009

2012-03-24
Omnibus Rules Finalized

Addressed:

  • Business associate liability
  • Genetic information in underwriting
  • Sale of Protected Health Information
  • Marketing
  • Breach Notification Rules and updates
2010-07-06
First HIPAA Fine Issued

Health Net is fined $250,00 for loss of unencrypted hard drive

2010-02-27
HITECH Enforcment Begins

HITECH can be enforeced and new penalties can be applied.

2010-01-08
First Criminal Penalty Assessed

Former employee of UCLA HealthCare plead guilty and sentenced to 4 months in jail for violating HIPAA by accessing and reading private health information

2009-10-29
HITECH Enforcement Interim Rules Released
2009-08-29
Breach Notification Interim Rules Released
2009-02-17
The Health Information Technology for Economic and Clinical Health (HITECH) Signed

Incentives to encourage the uses of electronic health records (particularly in Physician Offices.  Also introduced a new tier structure of penalties for violations.

2006-04-20
HIPAA Security Rule Effective

Security Rule for small health plans went into effect

2006-03-16
HIPAA Enforcement Rule Effective

Enforcement Rule goes into effect

2005-04-18
Proposed HIPAA Enforcement Rules

Enforcement was to be in the purview of the Office of Civil Rights.

2003-04-14
HIPAA Privacy Rule Effective

Privacy rule went into effect

2003-02-20
Final HIPAA Security Standards Rule Published

The Final Security was published

2000-12-20
Final HIPAA Privacy Rule Published

Set national standards for the protection of individually identifiable health information whether in oral, written, or electronic format.

1999-11-03
Final Privacy Rule Proposed

The Privacy Rule is proposed to improve privacy standards and to restrict the disclosure of Protected Health Information and personal identifiers to unauthorized individuals.

Patients will also be given better access to their health data.

1996-09-21
HIPAA Law Passed

President Bill Clinton signed the Kennedy-Kassabaum Bill into law, which became the Health Insurance Portability and Accountability Act