This document details the subtle differences between the HIPAA privacy rule as it was released at the end of the Clinton administration, vs the revised version released early in the Bush administration.
This specifically discusses the differences between Treatments, Payment and Operations (TPO).
HIPAA at 25 — The lasting health privacy protections of the Clinton administration
This is the story of the conversion of HIPAA, a law with no privacy, interoperability or security details turned into the central privacy regulatory framework for healthcare data in the US.
Back in 1996, as HIPAA legislation was on the verge of passing with bi-partisan support, thorny privacy issues were threatening to scuttle the entire enterprise. A compromise was struck whereby Congress would give itself a deadline of three years to enact privacy legislation, and if it didn’t — the Department of Health and Human Services (HHS) Secretary would by default be required to issue privacy regulations. On the day that three years expired, I was the Deputy General Counsel at HHS and happened to be standing in my boss’ office when Secretary Donna E. Shalala walked in, smiled, and said, “Well, they missed the deadline, I guess you better get started.” The General Counsel, Harriet Rabb, turned to me and said, “I think this one is yours.” With that, I began advising an amazing team of policymakers at HHS as we went about drafting the first federal health privacy regulations in the United States.
This is the reason why the HIPAA law says almost nothing about interoperability and yet it created extensive privacy regulations and interoperability fundamental standards.
President Clinton Issues Strong New Consumer Protections to Ensure the Privacy of Medical Records
This is the press release from the Clinton whitehouse on the release of the HIPAA privacy rule.
These are the statements by President Bill Clinton on the release of the HIPAA Privacy Rule in 2000