Life Before HIPAA

October 8, 2020

You have probably lost count of the times someone older than you has used the phrase “back in my day.” And while it’s unlikely previous generations did walk 20 miles uphill both ways in the snow to school every day, they DID have to deal with far fewer patient privacy protections than we have today. So when did protecting patients’ sensitive data become a priority? With the introduction of the Health Insurance Portability and Accountability Act, better known as HIPAA, in 1996. HIPAA has had a bad reputation since being signed into law, but read on to see why HIPAA is actually a good thing – for your practice, and for patients everywhere.

Prior to 1996, health information privacy was like the Wild West. There was no federal rule governing the privacy and protection of health information. While most providers acted within reason, no one had defined what protecting your sensitive information meant or how it was going to be regulated.

So let’s take a moment to picture ‘life before HIPAA’. Imagine you’re in the running for the big promotion at work. You’re definitely the best candidate, but your anxiety (undiagnosed bipolar disorder) has started to affect your work performance. Instead of seeking medical help, you pretend everything’s a-okay. You know that if you see a professional, your employer could be notified and your chance at promotion would be out the window. Meanwhile, your anxiety over hiding your anxiety takes an even greater toll – the promotion goes to Chad from Accounting instead. 

This scenario was REAL for many individuals prior to HIPAA. Companies used to receive detailed updates regarding employees’ health insurance. At the same time, patients weren’t necessarily able to receive their own medical records. This was a problem. The only way to protect your health information at the time was not to have any created in the first place – preventing patients from seeking the care they needed.

Enter HIPAA. HIPAA laws standardize the ‘right way’ to handle sensitive patient information. While sometimes these standards are anything but simple, it’s clear HIPAA guidelines make sure PHI is actually protected – not just given away like candy. Protecting PHI means ensuring its privacy (the HIPAA Privacy Rule) as well as its security (the HIPAA Security Rule). Ultimately, HIPAA law standardized protections for your patient data through required safeguards in addition to privacy requirements to prevent unauthorized disclosures.

Because of HIPAA, individuals can feel comfortable going to a doctor to receive treatment without fear that it will be the talk of the office break room the next day. Not only do patients have the ability to determine who can and can’t be in the know, but they also have the ability to access records themselves to stay on top of their own care. So next time you’re frustrated with the need to have patients sign a HIPAA authorization form, just remember that HIPAA is what stands between you and chaos. Well, maybe we’re being a bit dramatic, but when sensitive data falls into the wrong hands, it could certainly feel like the end of the world.