A significant portion of the health care system in the United States is governed by the Social Security Act and its amendments, which regulate federally funded health insurance programs for to the nation’s most vulnerable populations. In 1965, Congress fundamentally altered the Social Security Act by adding Title XVIII, which established the Medicare program,[1] and Title XIX, which established the Medicaid program.[2] Medicare guarantees access to health insurance for all Americans, aged 65 and older, younger people with specific disabilities, and individuals with end stage renal disease.[3] The Medicaid program provides federal funding to states for medical and health-related services for persons with limited income.[4] The Children’s Health Insurance Program (CHIP), added later as Title XXI of the Social Security Act, provides health insurance for low-income children, as defined by federal law.[5] Various provisions of the Act address the collection, use, and disclosure of Medicare and Medicaid and CHIP beneficiaries’ health information.
Beyond these public health insurance programs, federal law governs certain aspects of health care practice and health insurance. For individuals, federal law protects the privacy, security, and access to an individual’s health information in a number of ways. In 1996, Congress passed the Health Insurance Portability and Accountability Act (“HIPAA”), which established federal privacy and security protections for health information.[6] In order to strengthen and build upon the HIPAA Privacy and Security Rules, the Health Information Technology for Economic and Clinical Health Act (“HITECH”) was signed into law in February, 2009 as part of the American Recovery and Reinvestment Act (“ARRA”).[7] The Genetic Information Nondiscrimination Act protects an individual’s genetic information from being used by employers, health plans, or issuers in a discriminatory manner.[8]
The United States has also enacted laws that govern the privacy of information held by a government agency and the right of access to information contained in federal records. The United States Freedom of Information Act governs the right of any person to access information contained in federal agency records.[9] The Privacy Act of 1974 governs the protection of identifiable information about individuals, such as patients and practitioners that is either held or collected by the federal government, and when that information may be disclosed or released.[10] The Federal Information Security and Management Act (“FISMA”) is a federal law that provides security protections to information collected or maintained by or for a federal agency.[11]
The most recent major health care law is the Patient Protection and Affordable Care Act (“ACA”), enacted in March, 2010.[12] The ACA includes a wide variety of reforms to the health care system, including a requirement that all Americans obtain health insurance, an expansion of Medicaid eligibility, and the creation of state-based health insurance exchanges. The law also encourages the exchange of health information to foster care coordination and improve the quality of health care.[13]
[1] Social Security Act, Volume II, Title 18, codified at 42 U.S.C. §§1395-1395cc (1965).
[2] Social Security Act Volume I, Title 19, codified at 42. U.S.C. §§ 1396 – 1396v (1965).
[3] Social Security Act §1811, 42 U.S.C. 1395c.
[4] Social Security Act § 1902(a)(10), 42 U.S.C. 1396a(a)(10).
[5] Social Security Act § 1902(a)(43), 42 U.S.C. 1396a(a)(43) (see SCHIP 2108(e) for additional requirements).
[6] Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191, 110 Stat. 139 (1996) (codified as amended in scattered sections of 42 U.S.C.).
[7] ARRA, Pub. L. No. 111-5, Div. A, Title XIII, § 13404, 123 Stat. 260 (2009).
[8] Genetic Information Nondiscrimination Act of 2008, Pub. L. 110-223, 122 Stat. 881, Title II codified at 42 U.S.C. 2000ff et seq. (2008).
[9] Electronic Freedom of Information Amendment Acts of 1996, Pub. L. No. 104-231, 110 Stat. 3048 (1996) (codified as amended at 5 U.S.C. 552).
[10] Privacy Act of 1974, Pub. L. No. 93-579, § 3, 88 Stat. 1896, 1896 (codified as amended at 5 U.S.C. § 552a (2006)).
[11] Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3544 (2006).
[12] Patient Protection and Affordable Care Act (H.R. 3590), as amended by the Health Care and Education Affordability Reconciliation Act of 2010 (H.R. 4872), Pub. L. 111-1522 (signed into law March 30, 2010).
[13] See, “Summary of the Health Reform Legislation,” Health Reform GPS (available at: http://www.healthreformgps.org/summary-of-the-legislation/).