HIPAA History and Background

HIPAA History and Background

From a business associates perspective it’s very interesting, to say the least.

As an IT Company, it’s apparent to me the massive change this legislation has brought about is not going to stop; there is too much change occurring in Information Technology at all levels and at all times.

Of course this directly impacts the Security Rule (SR) under HIPPA. Enacted in February 2003, the SR deals with electronic health information (ePHI) which is essentially a subset of what the Privacy Rule encompasses. In terms of actual regulatory text the Security Rule only spans approximately 8 pages, but it is highly technical in nature. Because technology is changing all the time the Final Rule, Omnibus, will not be the final change for HIPAA.

A business associates perspective

Rather than writing another article on HIPAA History and Background, to get this series started I am quoting from an excellent article, written by Daniel J. Solove, entitled:

HIPAA Turns 10 Analyzing the Past, Present and Future Impact. Journal of AHIMA 84, no.4 (April 2013): 22-28.

Mr. Solove writes:
“Ten years ago after countless years of germination and many twists and turns, the HIPAA Privacy Rule finally became effective. It would soon be followed by the HIPAA Security Rule - which was published in 2003 and became effective in 2005 - and eventually by the HIPAA Enforcement Rule and the Breach Notification Rule as well.

HIPAA’s length compares to that of a Tolstoy novel—since it contains some of the most detailed and comprehensive requirements of any privacy and data security law. When the HIPAA regulation initially went into effect, it generated significant skepticism, confusion, and even angst. Many in the healthcare industry asked: Would it be possible to provide efficient healthcare and comply with all of HIPAA’s requirements? What did protecting the confidentiality of protected health information mean? How would HIPAA be enforced? Would HIPAA interfere with the relationships between patients and healthcare providers?

Skeptics wondered whether HIPAA might prove to be too cumbersome and expensive to comply with. Some were concerned that HIPAA wouldn’t provide meaningful privacy protection. Others worried that HIPAA would be redundant with state health privacy laws and would not add much value. People questioned whether HIPAA would really make an impact, and if any impact would be for the better or the worse.

Ten years later these questions have largely been answered. HIPAA has evolved during the past decade and was greatly fortified by the 2009 HITECH Act and its HIPAA modification regulations released in January 2013. Whatever one might think about HIPAA, it is hard to dispute that it has had a vast impact on patients, the healthcare industry, and many others over the last 10 years—and will continue to shape healthcare and HIM professionals for many more years to come.”

HIPAA and the HITECH Act

The HITECH Act is where our company DTS InfoTech got involved in HIPAA. Up to that time, we believed that there was a difference between a covered entity and a business associate. Which is another way of saying that we were not bound by the same rules covered entities were. But with the enactment of HITECH business associates are now directly on the hook for protected health information just like covered entities.

And that’s what we’re addressing in this series of blog posts, business associates and HIPAA Compliance. If you’re a business associate, acting as a sub-contractor to a covered entity, and you are not HIPAA compliant, you better wake up and smell the audit(s) that are sure to come our way.

In our next post we’ll continue talking about: HIPAA History and Background


If your company is a health plan, health care clearinghouse, health care provider, insurance broker etc. and you’re relying on tape drives, external hard drives, or USB devices to back up your protected health data (PHI), then it’s critical for you to get and read: 12 Little-Known Facts Every Business Owner Must Know About Data Backup, Security And Disaster Recovery. Learn for yourself what most IT consultants don’t know or won’t tell you about making sure your company’s critical data is safe from loss, corruption, cyber criminals, natural disasters and employee sabotage, in addition to:

• The only way to know for SURE your data can be recovered if lost, corrupted or deleted – yet fewer than 10% of businesses have this in place.
• 7 critical characteristics you should absolutely demand from any offsite backup service; do NOT trust your data to any company that does not meet these      criteria.
• Where tape backups fail and give you a false sense of security.
• The #1 cause of data loss that most businesses don’t even think about until their data is erased.

You can download your Free Business Advisory Guide Here.
This guide explains in plain every day English what you need to know about data backup, security and disaster recovery.

And don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.


Have you started your HIPAA compliance initiative?

With small health care practices as part of our growing family, we are committed to HIPAA compliance and creating a culture of compliance. We know first-hand that HIPAA compliance for small health care practices is daunting. As a business associate we’re going through it ourselves. We’re actually doing it, not just writing about it.

Do you need some technology help in your health care practice? Would you like to work with a technology company that is dedicated to a culture of HIPAA compliance?

Give us a call at 503.359.1275. We’re always happy to chat!

Return to main HIPAA page

For more information visit:


Dedicated to your success,
Wally Moore
General Manager & Compliance Officer
DTS InfoTech . . . computer networks that work