The Health Insurance Portability and Accountability - Essay Example

? of the of the of the HIPAA The Health Insurance Portability and Accountability Act 1996 (HIPAA) is a federal privacy rule that safeguards the medical information of an individual. Medical information on paper or in a digitalized form, and oral communications, are encompassed by the Federal Privacy Rule. The disclosure and utilization of confidential medical information, available with health care providers and payers, and covered entities, falls under the purview of the Federal Privacy Rule, from 14 April 2003 (Kutzko, Boyer and Thoman 405). A major portion of the law that had been in force was rescinded by the Federal Privacy Rule. All the same, state laws that provide greater confidentiality to the medical information of patients are not preempted by the Federal Privacy Rule. Moreover, this rule does not affect compensation statutes related to state workers. This has rendered the situation complicated, inasmuch as health care providers and health insurers have to examine, not only their state laws, but also the requirements of the Federal Privacy Rule (Kutzko, Boyer and Thoman 405). Since its inception as a proposed rule in the year 1999, the Federal Privacy Rule has been subjected to several significant changes, which has further complicated the situation. That system had been based on the electronic record, and the HIPAA called for the implementation of unique health identifiers for individuals, health care providers, employers and health plans.In addition, this Act required the establishment of standard code sets and transactions, with regard to the transmission of health information, via electronic methods (Kutzko, Boyer and Thoman 407). Moreover, it also called for the putting into practice of privacy and security norms in the context of health information that could be individually identified. HIPAA made it mandatory for the Secretary of Health and Human Services to provide recommendations about the standards to be maintained with regard to individually identifiable information, to Congress. Furthermore, it required Congress to pass privacy legislation, within 3 years of its effective date. In the event of Congress proving unequal to this task, the Secretary of Health and Human Services was required to enact final privacy regulations, and this was to be done within 42 months of the effective date of the HIPAA (Kutzko, Boyer and Thoman 407). The information stored by certain covered entities, such as health insurers, medical service providers, healthcare clearinghouses and employer sponsored health plans are governed by the Privacy Rule of the HIPAA. This Act establishes regulations in the area of disclosure and use of protected health information (Roitman). By definition, protected health information is information available with a covered entity. It should provide information about an individual, with regard to the payment of healthcare, health status or provision of healthcare. As the interpretation of the term protected health information is very wide, it can relate to any portion of the medical record or payment history of an individual (Roitman). The new federal regulations were aimed at curbing some of the marketing initiatives of the healthcare organizations. Some of these were hospitals, pharmacies, pharmaceutical companies and health insurers. In essence, the HIPAA has effectively restricted the use of the personal health information of patients in promotional campaigns (Donna 31). Healthcare delivery and administration have undergone monumental change, which has significantly enhanced consumer concerns regarding confidentiality. This was accompanied by a greater degree of integration in healthcare, due to the burgeoning data management technologies. HIPAA was promulgated, in order to address privacy concerns, as a basis for national health management registry, and to take care of the requirements of workers whose health insurance coverage had been compromised at the time of changing jobs (Benefield, Ashkanazi and Rozensky 273). These regulations were controlled by the US Department of Health and Human Services Office of Civil Rights. After prolonged review, comment and revision, these regulations were made effective for large healthcare entities in April 2003 and for the smaller healthcare providers in April 2004. Comprehensive practices for preserving the privacy of patients and the punitive actions to be taken, with regard to violations, have been outlined in the HIPAA (Benefield, Ashkanazi and Rozensky 273). What comprises individually identifiable health information and the manner in which such information is to be managed has been unambiguously defined in the HIPAA regulations. Health information that is deemed to be identifiable, includes dates, specific location, telephone numbers, name of the patient, identification numbers, photographs, and biometric identifiers (Benefield, Ashkanazi and Rozensky 274). Such information can relate to the past, present or future physical and mental health of a patient. Moreover, public health information can assume any form of communication or storage, including verbal, video, electronic or paper (Benefield, Ashkanazi and Rozensky 274). The HIPAA regulations are significant for the reason that the patient is rendered an active participant in the process of privacy protection. The objective of these regulations is to enable patients to exercise greater control over health information that relates to them. In addition, many hospitals ensure that there is specific scrutiny, with regard to the related practices. This is achieved by the HIPAA compliance officers and audit committees (Benefield, Ashkanazi and Rozensky 274). Patients have to be furnished, at the time of the commencement of their medical treatment, with a Notice of Privacy Practices or what is also termed a Notice of Disclosures. The purpose of this notice is to provide information to patients regarding the information that is deemed to be personally identifiable, how private health information will be protected and the manner of making disclosures (Benefield, Ashkanazi and Rozensky 274). The patient’s record has to contain a formal acknowledgement of this notice. Furthermore, patients are at liberty to call for more confidential communication. This requires them to stipulate a specific location for the delivery of written or verbal information. Patients, irrespective of the phase of their treatment, are entitled to access their medical records. Such access can be restricted to a perusal of their medical records in the office of the pertinent medical practitioner. In addition, this could be in the form of a release by the patient for the production of duplicate copies of the medical records for their personal use (Benefield, Ashkanazi and Rozensky 274). Moreover, patients have been empowered to call for a correction of their medical records, with respect to information that is inaccurate. Such requests for changing the patient records have to be documented and preserved in the medical file of the patient. It can be presumed that medical practitioners, due to these provisions, would be subject to considerable anxiety. This is all the more true of those in the area of mental health, as the patient records could be of a much more sensitive nature than that of the other classes of patients. Moreover, there have been concerns in some quarters that the medical diagnoses of mental health patients could prove to be detrimental to their cure, if information regarding these diagnoses was to be provided to or chanced upon by the patient. As determined by Bloch et al, in their research studies, the medical records of psychiatric patients could upset such patients while proving difficult for laypersons to understand (Benefield, Ashkanazi and Rozensky 274). Information technology (IT) systems have become the focus of attention, subsequent to the requirement under the HIPAA to preserve the privacy and confidentiality of patients. This requires the implementation of safeguards that forestall hacking and other forms of unauthorized use of confidential and private medical information (Anderson 36). The penalties for infringement are severe, and this imposes considerable pressure to ensure the adequate protection of data. Furthermore, the HIPAA enjoins the presence of a disaster recovery mechanism and a special backup program in computer networks. This measure is aimed at ensuring the recovery of patient data, whenever a disaster transpires. In addition, measures have to be adopted that secure computers, hubs, and networks from invasion. Some techniques that can be employed are the use of encrypted passwords, audit trails, and antivirus software (Anderson 36). Moreover, the security of information can be enhanced by bringing about a change in the manner in which people regard private information. Data that is transmitted to external entities has to be encrypted, as per the requirement of the HIPAA. In addition the HIPAA requires the authentication of data, which includes the noting of the identity of the entity accessing such data and the purpose for which it is accessing the data. The private information of patients should be stored in special computers. In addition, computer firewalls and other safety software have to be installed. Moreover, the exchange of patient information by facsimile should be monitored, and steps taken to limit access to authorized persons (Anderson 37). It is essential for the standard practices of the businesses to be in compliance with this legislation, as the excessive disclosures and plethora translations of privacy law have failed to produce the desired outcomes. In this context, it should be noted that the major airlines have attempted to ensure the privacy of travelers by seeking the assistance of the Homeland Security Department (Anderson 37). The Secure Flight initiative, which is a computerized screening process, has been adopted by the concerned authorities in the aftermath of the 11 September 2001 terrorist attacks. This scrutinizes passenger information and compares it to databases, with the express objective of isolating suspected terrorists. As the screening methods became public, a number of lawsuits were brought against the airlines (Anderson 37). The Office for Civil Rights has been vested with the task of enforcing the provisions of the HIPAA Privacy Rule. The latter is seized with the protection of the privacy of health information that is individually identifiable. In addition, the Office for Civil Rights is also required to enforce the HIPAA Security Rule, which defines the national norms in the area of security of electronic protected health information (U.S. Department of Health & Human Services). Moreover, this office has to enforce the Patient Safety Rule’s confidentiality provisions. These provisions ensure protection for identifiable information that is employed in the analysis of patient safety events and which furthers the safety of patients (U.S. Department of Health & Human Services). The covered entities or organizations that are governed by the Privacy Rule’s norms related to the use and disclosure of the health information of individuals. Moreover, the Privacy Rule stipulates the standards to be enforced at the time of enforcing the privacy rights of individuals and exercising control over the manner in which the health information of patients is utilized (Office for Civil Rights). The Office for Civil Rights is required to implement the Privacy Rule in the areas of voluntary compliance activities and civil money penalties. One of the chief objectives of the Privacy Rule relates to ensuring the adequate protection of individual health information, while permitting the dissemination of health information. The latter should be restricted to promoting high quality health care, and protecting the health and well being of the public (Office for Civil Rights). As is evident, the Privacy Rule arrives at an equitable balance between protecting the privacy of individuals who seek treatment and healthcare and permitting the important uses of such information. This rule admits of considerable flexibility, which is a reflection of the diversity of the healthcare area (Office for Civil Rights). Another important objective of the Privacy Rule is to describe and restrict the circumstances under which the protected health information of individuals may be employed or revealed by the covered entities. The latter are precluded from using or disclosing such information, save for the following instances. First, the Privacy Rule requires or permits such use or disclosure. Second, written authorization has been provided by the individual to whom such information relates (Office for Civil Rights). HIPAA has the added advantage of ensuring health coverage for individuals with preexisting health conditions. Previously, it had been the practice with some employer group health plans to restrict or deny health coverage to a new employee, who was afflicted with a health condition prior to enrolling in that health plan. This has been strictly disallowed by the HIPAA (United States Department of Labor). The HIPAA restricts any group health plan in its examination of a patient’s health records to six months before the commencement of coverage under that plan, in its attempts to discover the existence of a health condition. As such, exclusion under a preexisting condition can be imposed, only in instances in which medical advice, diagnosis, care or treatment had been received or recommended during the half year prior to the employee’s enrollment in the plan. Furthermore, HIPAA precludes any health plan from implementing a preexisting condition exclusion in cases involving pregnancy, certain children and genetic information (United States Department of Labor). In general, the disclosure of protected health information by a covered entity in an electronic health information exchange milieu tends to be restricted to a few explicit purposes. At the same time, there are other purposes for which the Privacy Rule allows a covered entity to reveal protected health information (Office for Civil Liberties). Some instances of such disclosure are in order to report suspected child abuse or a crime that had been committed on the covered entity’s premises. Nevertheless, any disclosure by a covered entity has to comply with the Privacy Rule. In addition, covered entities that participate in a health information organization have to be in a business associate agreement with the latter (Office for Civil Liberties). This agreement has to stipulate the uses and disclosures of the protected health information, which the health information organization can make on behalf of a covered entity. Covered entities, engaged in electronic health information exchange, have to take due cognizance of the various Federal and State privacy laws that could be applicable (Office for Civil Liberties). Furthermore, version 5010 of the HIPAA addressed several of the lacunae in the previous versions of this Act. With the advent of this version of the Act, healthcare payers have been provided with an opportunity to procure business efficiency, by progressing beyond the compliance challenges of the Act and establishing business to business integration with the trading partners. A telling example of this initiative is the B2B Data Exchange solution provided by Informatica for healthcare payers. This endeavor addresses the difficulties being envisaged by the healthcare insurance companies and health plans (Informatica). Public health in the US has improved significantly with the advent of the HIPAA. It is important to realize that this Act enjoins several health insurance portability provisions. These provisions enable workers and their family to retain health insurance coverage, whenever their employment is terminated or they change their job. The uniform electronic and code set requirements of the HIPAA, serve to simplify the procedures associated with claims (Zondorak and McCormick). In addition, these requirements drastically bring down the cost of health insurance, while enhancing the quality of care made available to all. The protections provided under the HIPAA pertain to the majority of the health plans. Some of these are the union and association plans, employment related group policies, and individual policies. A major feature of the HIPAA is that it restricts the influence of the already existing circumstances for people in group health plans. Furthermore, HIPAA safeguards the privacy and confidentiality of patients, with regard to their medical information. There has been a tremendous and unprecedented escalation in the use of the electronic media. It is in this milieu that the HIPAA comes to the fore by ensuring sufficient protection for the identifiable medical information of patients, via its Privacy Rule. This initiative significantly diminishes the possibility of such information being utilized to the detriment of the concerned patient. Works Cited Anderson, Wayne L. "The HIPPA Example of How Privacy Laws Should Work." Business Journal for Entrepreneurs 2010.4 (2010): 35 – 38. Print. Benefield, Hope, Glenn Ashkanazi and Ronald H Rozensky. "Communication and Records: HIPPA Issues When Working in Health Care Settings." Professional Psychology: Research and Practice 37.3 (2006): 273 – 277. Print. Donna, Loyle. "New HIPPA rules affect healthcare marketers." Target Marketing 25.10 (2002): 31. Print. Health Insurance Portability and Accountability Act. United States Congress, 21 August 1996. Informatica. "The Informatica B2B Data Exchange Solution for Healthcare Payers." 17 November 2009. Web. 2 October 2012. . Kutzko, Diane, et al. "HIPPA in Real Time: Practical Implications of the Federal Privacy Rule." Drake Law Review 51.3 (2003): 403 – 458. Print. Office for Civil Liberties. "Collection, Use and Disclosure Limitation." 2012. Web. 2 October 2012. . Office for Civil Rights. "Summary of the HIPAA Privacy Rule." May 2003. Web. 2 October 2012. . Roitman, Howard Robert. "HIPPA Protects Your Privacy." 2012. Web. 2 October 2012. . U.S. Department of Health & Human Services. "Health Information Privacy." 2012. Web. 2 October 2012. . United States Department of Labor. "What is the Health Insurance Portability and Accountability Act of 1996 (HIPAA)?" 2012. Web. 2 October 2012. . Zondorak , Lynn and Courtney McCormick. "The Implications of HIPAA and EMTALA on Public Health." 2010. Case Western Reserve University. Web. 2 October 2012. . Read More