Why Was HIPAA Created?

When the Health Insurance Portability and Accountability Act (HIPAA) was passed on August 21, 1996, it was a watershed moment in the history of the United States. What are the goals of HIPAA, and why is it so important? Here, we will discuss the history of HIPAA and why the legislation is so crucial. 

The Importance of HIPAA Compliance

HIPAA is a set of healthcare laws with a dual goal: to protect patient privacy and to improve the quality of service.

Patients’ health insurance should be moved with them, and the transfer of medical records from one health care institution to another should be made as simple as possible.

Standards for handling medical records should be developed in order to protect and enforce patients’ rights to have their medical records and personal health information (PHI) kept confidential.

The HIPAA Privacy and Security Regulations 

HIPAA was created in order to “improve the portability and accountability of health insurance coverage” for employees who are transitioning between positions. Other objectives of HIPAA were the reduction of waste, fraud, and abuse in the areas of health insurance and healthcare provision. 

As a result of the Act’s tax benefits, coverage for employees with pre-existing medical problems, and provisions to make health insurance administration simpler, medical savings accounts were encouraged to be used more frequently.

Following the passage of HIPAA legislation into law, the United States Department of Health and Human Services began work on the development of the first HIPAA Privacy and Security Rules. When it became effective on April 14, 2003, the Privacy Rule established a definition of Protected Health Information (PHI) as well as restrictions on the uses and disclosures of that information. PHI is defined as “any information held by a covered entity that relates to a person’s health status, the provision of healthcare, or payment for healthcare that can be linked to that person.”

Standards were established for the sharing of PHI, and consent was necessary before that information could be used for marketing, fundraising, or research purposes. Patients were also given the right to seek copies of their health information from their physicians. When a patient’s treatment is privately paid, the Privacy Rule also allows them to conceal information about their healthcare from health insurance companies.

On April 21, 2005, the HIPAA Security Rule took effect, two years after the Privacy Rule had gone into effect. The Security Rule, which dealt primarily with electronically stored protected health information (ePHI), established three types of security protections – administrative, physical, and technical – that must be implemented in full in order to be in compliance with HIPAA. The following were the objectives of the safeguards:


To put policies and processes in place that clearly demonstrate how the entity will comply with the HIPAA regulations.

To manage physical access to locations of data storage in order to prevent inappropriate access to information.

To ensure that electronic communications containing electronic protected health information (ePHI) were secure when transferred over open networks.