Understanding the HIPAA Timeline & Recent Updates
HIPAA has had several updates throughout its history. Let's take a look at the HIPAA timeline, and learn more about exceptions to HIPAA law during an emergency situation, such as COVID 19.
How did HIPAA temporarily change during COVID-19?
Under certain circumstances, penalties for HIPAA violations are temporarily waved for covered entities and business associates who act in good faith. The notifications issued provide for allowances for and participation in the use of telehealth technologies that may not be fully compliant with HIPAA, such as Zoom or Skype. The notifications issued also provide allowances for uses and disclosures of PHI for public health and health oversight activities, use of online or web-based scheduling applications for the scheduling of individual appointments for COVID 19 vaccinations, and participation in the operation of COVID 19 testing sites.
When Does HIPAA Enforcement Change?
In the event of an emergency scenario, such as a pandemic, HIPAA laws remain in effect, but the enforcement of compliance can be eased for both covered entities and business associates. During 2020 and 2021, the OCR issued a number of enforcement discretion notifications to address how an individual's health information may be used and disclosed in response to the COVID-19 pandemic.
In December 2020, the OCR announced proposed changes to the HIPAA Privacy Rule that would “empower patients, improve coordinated care, and reduce regulatory burdens.” Specifically, some of the proposed changes would:
As of July 2021, the window for public comments on these proposed changes has closed. The comments are currently under evaluation by the OCR and the Department of Health and Human Services.
Allow covered entities to disclose PHI to avert a threat to health or safety when harm is “seriously and reasonably foreseeable.” This is a change from the current definition that uses the terms “serious and imminent” instead.
Ease the sharing of PHI among healthcare providers to increase interoperability, and allow patients to review their PHI in person and take notes or photos of their PHI.
How Is HIPAA Affected by the Overturning of Roe v. Wade?
Following the Supreme Court’s ruling overturning Roe v. Wade, in June of 2022, the Executive Branch of the federal government announced federal regulations to protect individuals' PHI relating to abortion and other sexual and reproductive healthcare. This amendment to the law covers an individual’s right to privacy not only from healthcare providers, but also protection of privacy through medical apps that may monitor sexual health or menstruation. Pharmacies who receive federal financial assistance payments must also ensure that individuals can access healthcare free of discrimination, regardless of their current or past status regarding reproduction.
The History of HIPAA
Review a timeline of the HIPAA legislature:
Here are some myths to look out for:
- -
August 1996: HIPAA signed into law
- -
April 2003: Privacy Rule effective
- -
April 2005: Security Rule effective
- -
March 2006: Breach Enforcement Rule effective
- -
February 2009: HITECH Act signed into law
- -
September 2009: Breach of Notification Rule effective
- -
March 2013: Omnibus Rule effective
- -
December 2020: Announcement of proposed changes to Privacy Rule issued by OCR
- -
June 2022: Announcement of federal law to protect individual’s PHI relating to abortion and other sexual and reproductive healthcare
Stay up-to-date on HIPAA Laws with EasyLlama’s Training
This chapter reviews all of the latest HIPAA laws and how it has changed over time. Remember that laws can be amended at anytime. It is important to be aware of any changes that may occur so that you and your organization remain in compliance. EasyLlama courses are always changing in accordance with new laws and regulations. We stay on top of legislative changes so you can relax knowing that our training material is always fully compliant and that you're shielded from expensive fines. We also take on an annual content update to ensure that your staff members never grow weary of the same material!
Helping over 8,000+ organizations create a safer, more inclusive company culture.
EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers: