HIPAA is 20 years old. What has it meant for healthcare?

On Aug. 21, 1996 — 20 years ago Sunday — President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into law.

Back when bipartisanship still occasionally happened in Washington, this law, championed by then-Sens. Edward M. Kennedy (D-Massachusetts) and Nancy Kassebaum (R-Kansas) has come become to be defined by the privacy and security regulations that it enabled. Those took effect in 2002 and 2003, respectively, after the Bush administration modified rules that the Clinton administration rushed to finish before Clinton left office in January 2001.

But, as the formal name implies, HIPAA initially was known for giving people the right to “portability” of health insurance when they change jobs by limiting the ability for insurers to exclude coverage of pre-existing conditions. The complex law also led to standards for healthcare administrative transactions and a national system of provider identity codes.

HIPAA did call for a national patient identifier as well, but in 1998, Congress voted to deny the Department of Health and Human Services funding to implement a patient ID. The program still has never been funded, and the private sector has since taken it upon itself to address the issue.

So what has HIPAA accomplished in 20 years? Where has it fallen short?