The Different Parts of HIPAA
Since it was enacted in 1996 by the United States government, The Health Insurance Portability and Accountability Act has enforced strict penalties for organizations who fail to provide data privacy and provisions towards safeguarding medical information. More specifically, it demands that the Department of Human Services and Health in the U.S. (HHS) create regulations that protect both the security and privacy of health information. In order to make these regulations more manageable by both government and private organizations, HHS published the HIPAA Security Rule and HIPAA Privacy rule. However, sometimes this act can be split up into four different rules;
HIPAA Privacy Rule
HIPAA Security Rule
HIPPA Enforcement Rule
HIPAA Breach Notification Rule
Below we've listed all of the most important dates involved in the creation, development, and enforcement of HIPAA as a whole, the HIPAA Privacy Rule, and the HIPAA Security Rule while including important links to each date from the U.S. Department of Health & Human Services.
HIPAA Key Dates
August 21, 1996 - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law
April 14, 2003 - Deadline for Covered Entities to comply with the Privacy Rule
April 20, 2005 - Deadline for Covered Entities to comply with the Security Rule
March 13, 2006 - The Enforcement Rule goes into effect
February 17, 2009 - The American Recovery and Reinvestment Act of 2009 (ARRA) was signed into law. This is the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
January 17, 2013 - The US Department of Health and Human Services (HHS) releases the Omnibus Final Rule
March 26, 2013 - The Omnibus Final Rule takes effect
September 22, 2013 - Covered Entities, Business Associates, and subcontractors must be in compliance with most provisions under the Final Rule
HIPAA PRIVACY RULE KEY DATES
November 3, 1999 - HIPAA Privacy Rule – Proposed Rule
December 28, 2000 - HIPAA Privacy Rule – Final Rule
December 28, 2000 - Statement of Delegation of Authority to the Office for Civil Rights (PDF - PDF)
December 29, 2000 - Technical Corrections to the Final HIPAA Privacy Rule
February 26, 2001 - Correction of Effective and Compliance Dates of the Final HIPAA Privacy Rule
February 28, 2001 - Request for Comments on December 28, 2000, Final HIPAA Privacy Rule
March 27, 2002 - Modifications to the HIPAA Privacy Rule – Proposed Rule
August 14, 2002 - Modifications to the HIPAA Privacy Rule – Final Rule
March 11, 2003 - Notice of Address for Submission of Requests for Preemption Exception Determinations (PDF - PDF)
March 20, 2003 - Notice of Addresses for Submission of HIPAA Health Information Privacy Complaints (PDF - PDF)
Learn about the Rulemaking History of the HIPAA Enforcement Rule, 45 CFR Part 160, Subparts C, D, and E.
HIPAA SECURITY RULE KEY DATES
August 12, 1998 – Security and Electronic Signature Standards - Proposed Rule
February 20, 2003 – Security Standards – Final Rule
August 3, 2009 – View the Delegation of Authority Press Release
August 4, 2009 – Federal Register notice of the Delegation of Authority to OCR (74 FR 38630)