Since it was enacted in 1996 by the United States government, The Health Insurance Portability and Accountability Act has enforced strict penalties for organizations who fail to provide data privacy and provisions towards safeguarding medical information. More specifically, it demands that the Department of Human Services and Health in the U.S. (HHS) create regulations that protect both the security and privacy of health information. In order to make these regulations more manageable by both government and private organizations, HHS published the HIPAA Security Rule and HIPAA Privacy rule. However, sometimes this act can be split up into four different rules;

1. HIPAA Privacy Rule
2. HIPAA Security Rule
3. HIPPA Enforcement Rule
4. HIPAA Breach Notification Rule

Below we've listed all of the most important dates involved in the creation, development, and enforcement of HIPAA as a whole, the HIPAA Privacy Rule, and the HIPAA Security Rule while including important links to each date from the U.S. Department of Health & Human Services.

HIPAA SECURITY RULE KEY DATES

• August 14, 2002 - Modifications to the HIPAA Privacy Rule – Final Rule
• March 27, 2002 - Modifications to the HIPAA Privacy Rule – Proposed Rule
• February 28, 2001 - Request for Comments on December 28, 2000, Final HIPAA Privacy Rule
• February 26, 2001 - Correction of Effective and Compliance Dates of the Final HIPAA Privacy Rule
• December 29, 2000 - Technical Corrections to the Final HIPAA Privacy Rule
• December 28, 2000 - HIPAA Privacy Rule – Final Rule
• November 3, 1999 - HIPAA Privacy Rule – Proposed Rule
• Learn about the Rulemaking History of the HIPAA Enforcement Rule, 45 CFR Part 160, Subparts C, D, and E. 
• March 20, 2003 - Notice of Addresses for Submission of HIPAA Health Information Privacy Complaints  (PDF - PDF)
• March 11, 2003 - Notice of Address for Submission of Requests for Preemption Exception Determinations  (PDF - PDF)
• December 28, 2000 - Statement of Delegation of Authority to the Office for Civil Rights   (PDF - PDF)

HIPAA SECURITY RULE KEY DATES

• August 12, 1998 – Security and Electronic Signature Standards - Proposed Rule

• February 20, 2003 – Security Standards – Final Rule

• August 3, 2009 – View the Delegation of Authority Press Release

• August 4, 2009 – Federal Register notice of the Delegation of Authority to OCR (74 FR 38630)