When Congress passed the Health Insurance Portability and Accountability Act in 1996, HIPAA was marketed as a modest attempt to address health insurance portability and job‐lock problems facing insured workers who wanted to change jobs. Today, the bill’s sponsors have good reason to be modest about its portability achievements: HIPAA provided little, if any, help to vulnerable consumers seeking more affordable health insurance options. It did create a false sense of security that lulled many buyers into getting less value for their insurance dollar. HIPAA tried to lock an outdated, employer‐based insurance market structure into place. It stifled promising market innovations such as medical savings accounts. Most recently, it has confronted proposed defined contribution health plans with legal uncertainties about how they might be regulated.
Meanwhile, the accountability side of HIPAA launched an expansion of the federal government’s role in controlling private health arrangements and reversed decades of regulatory deference to the states. Its vague statutory language set in motion a nearly incomprehensible maze of federal health privacy regulations that promise little in the way of effective privacy protection, yet impose extraordinary compliance burdens. The HIPAA regulations issued earlier this year actually grant government officials unprecedented access to personal health information.
HIPAA also sought to lower health care costs by reducing “fraud and abuse.” It incorporated a number of the 1993 Clinton health plan’s proposed criminal and civil sanctions against physicians and other health care providers. HIPAA federalized health fraud law, stiffened penalties, ramped up spending committed to fraud control, and stimulated an unprecedented number of enforcement actions. Instead of improving pre‐payment claims’ review processes in federal health programs, it used the threat of severe sanctions to criminalize billing disputes and coerce discounts after‐the‐fact.
As it nears age five, HIPAA needs a trip back to reform school. When HIPAA came before Congress, members were eager to gain credit for positive health care accomplishments that wouldn’t appear to cost taxpayers any money and didn’t threaten to overhaul the entire health care system. Relatively minor health insurance regulatory reforms that addressed the anxieties of middle‐class voters were the popular fix. So HIPAA was sold with the promise that insured workers would not confront job‐lock (in which preexisting condition exclusions or other “health status” discrimination might jeopardize their insurance coverage) whenever they changed jobs.
Legislators didn’t mention that HIPAA could not guarantee that your next employer would offer health insurance coverage. Nor did HIPAA control what insurers would charge for group coverage. It provided guaranteed access, not affordability, because it left rate regulation up to individual states. In the fragile small‐group market, HIPAA did little harm because it also provided little help. By aiming at a small problem (fewer than one percent of the population was likely to be denied health insurance for medical reasons), and offering largely illusory solutions, HIPAA had little overall effect on rates of insurance coverage, job mobility, or insurance prices. Tight labor markets and a booming economy throughout the second half of the last decade delivered higher levels of private coverage — not HIPAA.
For insurance portability, HIPAA largely codified at the federal level what most states had already done. HIPAA’s time limits on pre‐existing condition exclusions matched or exceeded the existing practices of most private insurers. HIPAA’s insurance reforms for the traditionally less‐regulated individual market were even more cosmetic. Before HIPAA, most individual policies already were guaranteed renewable.
While most observers focused on HIPAA’s hollow portability promises, the legislation launched a host of new federal regulatory burdens on private health care delivery. HIPAA’s restrictive demonstration project for medical savings accounts slowed the growth of the overall MSA market. HIPAA’s arsenal of new federal health care offenses and expanded funding for fraud and abuse control expanded the criminalization of medical practice.
Before the Congress that couldn’t shoot straight hands over more regulatory weapons to the federal health care bureaucracy to reform private managed care insurance, it should review the HIPAA record, install some trigger locks, take two aspirins, and call some real free‐market doctors in the morning.