Educate Staff and Security Personnel xxxix
Introduction
In order to comprehend the total impact of HIPAA, it is important to
understand the protections it has created for millions of working Ameri-
cans and their families. HIPAA includes provisions that may increase an
individual’s ability to get health coverage for himself and his dependents if
he starts a new job. HIPAA can lower an individual’s chance of losing
existing health care coverage, regardless of whether the individual has that
coverage through a job or through individual health insurance. HIPAA can
help an individual maintain continuous health coverage for herself and her
dependents when she changes jobs. HIPAA also can help an individual buy
health insurance coverage on an his or her own if he or she loses coverage
under an employer’s group health plan and has no other health coverage
available. Among its specific protections, HIPAA limits the use of preexist-
ing condition exclusions and prohibits group health plans from discrimi-
nating by denying someone coverage or charging extra for coverage based
on a covered member’s past or present poor health. HIPAA guarantees cer-
tain small employers, and certain individuals who lose job-related cover-
age, the right to purchase health insurance; and it guarantees (in most
cases) that employers or individuals who purchase health insurance can
renew the coverage regardless of any health conditions of individuals cov-
ered under the insurance policy. In short, HIPAA may lower an individ-
ual’s chance of losing existing coverage, ease an individual’s ability to
switch health plans, and/or help him or her to buy coverage on his or her
own if he or she were to lose coverage under an employer’s plan and have
no other coverage available.
In setting out to achieve each of the aforementioned six goals, the final
bill that was enacted can be summarized into five areas where action was
mandated. We will discuss each of these five areas next:
1. Standards for electronic health information transactions.
Within 18 months of enactment, the Secretary of Health and
Human Services was required to adopt standards from among
those already approved by private standards–developing organiza-
tions (such as NAIC) for certain electronic health transactions,
including claims, enrollment, eligibility, payment, and coordina-
tion of benefits. These standards were required to address the security
of electronic health information systems. This last sentence is of par-
ticular concern to security professionals, who must enable organi-
zations to enforce such privacy rules.
2. Mandate on providers and health plans, and timetable. Pro-
viders and health plans were required to use the standards for the