Administrative Simplication


NOTE: This law, which mandates use of four new federally-issued identification and tracking systems, is only applicable to electronic transactions, but the final federal privacy regulation may cover paper transactions as well.  


  • A Right to Your Medical Records? - Federal officials seek to have full access to private medical records. DHHS Secretary Donna Shalala, who was required by the law to make recommendations, on September 11, 1997 recommended that citizens have no right to refuse government access of medical records for four national priorities: health care system oversight, public health and safety, medical research, and law enforcement (including fraud and abuse)
Below are portions of the law.
Click here to read entire law. - Nicely arranged by the Health Hippo

"SEC. 261 Purpose.

It is the purpose of this subtitle to improve the medicare program under title XVIII of the Social Security Act, the medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information

SEC. 262 Administrative Simplification


(1) CODE SET.---The term 'code set' means any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes.

(2)HEALTH CARE CLEARINGHOUSE.---The term 'health care clearinghouse' means a public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements

(3) HEALTH CARE PROVIDERS.---The term 'health care provider' includes a provider of services (as defined in section 1861(u)), a provider of medical or other health services (as defined in section 1861(s)), and any other person furnishing health care services or supplies.

(4) HEALTH INFORMATION.---The term 'health information means any information, whether oral or recorded in any form or medium, that ---

(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or furture payment for the provision of health care to an individual.


(6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.---The term 'individually identifiable health information' means any information, including demographic information collected from an individual, that---

(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and---

(i) identifies the individual; or

(ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

(7) STANDARD.--- The term 'standard', when used with reference to a data element of health informaiton or a transaction referred to in section 1173(a)(1), means any such data element or transaction that meets each of the standards and implementation specifications adopted or established by the Secretary with respect to the data element or transaction under sections 1172 through 1174.



(1)IN GENERAL. ---The Secretary [of DHHS} shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system. In carrying out the preceding sentence for each health plan and health care provider, the Secretary shall take into account multiple uses for identifiers and multiple locations and specialty classifications for health care providers.

(2) USE OF IDENTIFIER.---The standard adopted under paragraphs (1) shall specify the purposes for which a unique health identifier may be used

(c) CODE SETS.---
(1) IN GENERAL.--- The Secretary shall adopt standards that---
(A) select code sets for appropriate data elements for the transactions referred to in subsection (a)(1) from among the code sets that have been developed by private and public entities; or

(B) establish code sets for such data elements if no code sets for the data elements have been developed.

(2) DISTRIBUTION.---The Secretary shall establish efficient and low-cost procedures for distribution (including electronic distribution) of code sets and modifications made to such code sets under section 1174(b).


(1) SECURITY STANDARDS.---The Secretary shall adopt security standards that---

(A) take into account---
(i) the technical capabilities of record systems used to maintain health information;

(ii) the costs of security measures:

(iii) the need for training persons who have access to health information;

(iv) the value of audit trails in computerized record systems; and

(v) the needs and capabilities of small health care providers and rural health care providers (as such providers are defined by the Secretary) ; and

(B) ensure that a health care clearinghouse, if it is part of a larger organization, has policies and security procedures which isolate the activities of the health care clearinghouse whith respect to processing information in a manner that prevents unauthorized access to such information by such larger organization.

(2)SAFEGUARDS.---Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical and physical safeguards---
(A) to ensure the integrity and confidentiality of the information;

(B) to protect against any reasonably anticipated---

(i) threats or hazards to the security or integrity of the information; and

(ii)unauthorized uses or disclosures of the information; and

(C) otherwise to ensure compliance with this part by the officers and employees of such person.



(a) IN GENERAL.---Not later than the date that is 12 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall submit to the Committee on Labor and Human Resources and the Committee on Finance of the Senate and the Committee on Commerce and the Committee on Ways and Means of the House of Representatives detailed recommendations on standards with respect to the privacy of individually identifiable health information.


The National Committee on Vital and Health Statistics is required to make recommendations on adoption of a data standard under that law. See the full text of the initial set of NCVHS recommendations relating to HIPAA data standards is reproduced below.
THE VOTE on H.R. 3103 (HIPAA) - Conference Report
(According to the Congressional Quarterly, A yes vote was "a vote in support of the president's position")
House: Total seats 435
Vote: 421 - 2
Opposed: Stark (D-CA) and Williams (D-Montana)
Not Voting: Lincoln, B (D-AK), Dickey, J (R-AK), Young,C (R-FL), Gingrich,N (R-GA), Brownback, S (R-KS), McDade, J (R-PA), Ford, H (D-TN), Wilson, C (D-TX),
Senate: Total Seats: 100
Vote: 98 - 0
Vote Date: August 2, 1996, 5:59 pm
Not Voting: Murray (R-WA) and Pryor (AR)