What Is HIPAA? Why Is It Important in the Health Care System?



By Janette Garfias, Nancy Lemus, Daisy Gomez, Donna de Loera

In 1996 the Health Insurance Portability and Accountability Act (HIPAA) was enacted and in 2003, the Privacy Rule within HIPAA was updated. Since the establishment of HIPAA, the United States has received approximately 150,207 privacy violation complaints (U.S. Department of Health & Human Services (HHS), 2017). From these complaints, only 36,048 cases were investigated with merely 69 percent of them needing some form of corrective action (HHS, 2017).

However, with the growing use of technology in health care organizations and other client-centered businesses, it can be presumed that the number of privacy violations in the U.S. has increased over the years. In recent times, the use of technology has facilitated the collection of large amounts of client information (Benitez & Malin, 2009). This information is often used to guide individual services, and in some cases it can be used for research and development. Although gathering client information is critical for treatment purposes, there is an increased concern about how well client information is protected in both physical and digital forms.

Before the 2003 enactment of the HIPAA Privacy Rule, people’s private information could be distributed to entities without their knowledge or consent (HHS, 2006). In some cases, individuals’ information collected by health insurance providers was given to loan lenders, employers or other health insurance agencies who could then use this information against the individual (HHS, 2006). People’s personal information was being distributed to third parties that had no connection to the entity that obtained those data. As a result, legislators implemented the HIPAA Privacy Rule to ensure that individual’s personal information was not distributed to third parties without their authorization.

The ratification of the HIPAA Privacy Rule also created security guidelines for online electronic systems and ensured that individuals were not discriminated against when applying for insurance or even employment opportunities because of a preexisting health condition (HHS, 2017). The Privacy Rule required health facilities and client-centered businesses to ensure that client information was safely protected. The implementation of these measures are considered necessary to ensure that people’s information remains confidential even with the increased use of technology. The overall intention of HIPAA’s Privacy Rule was to protect client information from being distributed and to also give people the right to protect their medical history (Houser, et al., 2007). Although many people oppose HIPAA due to its strict guidelines, its implementation is necessary to protect individuals, communities and their information from being distributed inappropriately.


Benitez, K., & Malin, B. (2010). Evaluating re-identification risks with respect to the HIPAA privacy rule. Journal of the American Medical Informatics Association, 17(2), 169-177 Chicago.

Houser, S., Houser, H., & Shewchuk, R. (2007). Assessing the effects of the HIPAA privacy rule on release of patient information by health care facilities. Perspectives in Health Information Management, 4, 1

U.S. Department of Health & Human Services. (2006). Why is the HIPAA Privacy Rule needed? Health Information Privacy.

U.S. Department of Health & Human Services. (2017). Numbers at a Glance. Health Information Privacy. Retrieved from https://www.hhs.gov/hipaa/for-professionals/.