Congress created HIPAA to simplify the health care system, to ensure portability of health care insurance and to ensure the security and privacy of patient information (stopping existing abuses). Title I focuses on access to health care, health care portability and renewability. Title II focuses on preventing fraud and abuse and creates rules to protect the privacy of your health care records. Other HIPAA sections concentrate on defining notification requirements and the impact of the law on research and clinical care and drug and alcohol rehabilitation--important topics all, but primarily of interest to the health care industry.
Title I limits the restrictions a group health plan can apply to new subscribers with pre-existing conditions. The law ensures that people with pre-existing conditions who move from one health plan to another can reduce, or avoid completely, any required exclusion period. For example, if your previous plan provided coverage for your heart condition for as long a time as the length of new plan's proposed exclusion, your new insurer cannot apply the exclusion. Here's a point to remember. If more than 63 days elapse between the time you leave one plan and enroll in another, the time spent under your old plan won't count.
Privacy Rule (Title 2.1)
HIPAA privacy regulations generally apply to any company or service provider who has access to your health records. The regulations provide specific rules regarding using, disclosing and destroying health care information that someone could trace back to you.
For patients, HIPAA represents a positive step in the protection of personal health care information, providing patients with greater control of their own health information, the right to see and correct it when they wish and the ability to decide with whom and how they will share their personal information.
HIPAA regulations place a large and expensive burden on companies who have access to your private health data by adding to the workload of health care providers and others. For example, larger health care institutions are required to appoint full-time "privacy officials" to oversee extensive training and employee communications programs, and failure to meet the letter of the law can be expensive.