HIPPA Violation

HIPPA Violation

HIPPA Violation
Outline:
– Thesis Statement – Entities covered under HIPAA can be subjected to heavy fines including jail terms as a result of violating HIPAA. Therefore, these parties ought to take proactive measures aimed at ensuring that their organization is in compliance with the letter and spirit of HIPAA
– Definition of HIPAA – provides brief background of HIPAA Violations, and then highlights Types of HIPAA Violations (Title I and Title II of HIPPA).
– Purpose of the Standards – gives reasons for the standards and explains the two categories of HIPAA Violations (accidental and intentional violations).
– Common HIPAA Violations – discusses the most frequent violations related to HIPAA standards that occur in the United States.
– The HIPAA Privacy Rule – extensive discussion the patient privacy rules given by HIPAA provisions
– Ways of Avoiding HIPAA Violations – gives a number of well considered remedies to avoiding HIPAA Violations.
– Summary/Conclusion – An overall view of the state of HIPAA Violations in the United States and general take on the way forward on how healthcare professionals should avoid the violations.

Thesis statement:
Entities covered under HIPAA can be subjected to heavy fines including jail terms as a result of violating HIPAA. Therefore, these parties ought to take proactive measures aimed at ensuring that their organization is in compliance with the letter and spirit of HIPAA.
Definition of HIPPA
The Health Insurance Portability and Accountability Act (HIPPA) was enacted in 1996 by president Bill Clinton with the purpose of setting minimum standards and guidelines for the health care sector as pertains to the privacy of the patient information. Title I of HIPPA provides protection for health insurance coverage for workers together with their families when they happen to change or lose their jobs. Title II of HIPPA is commonly referred to as the Administrative Simplification (AS) provisions and demands of the Department of Health and Human Services (HHS) to take up national standards for electronic health care transactions as well as national identifiers for providers, health insurance plans, and employers (Wu & American Bar Association, 2007). In addition, the Administration Simplification provisions provide for security and privacy of health data of individual patients.
Purpose of the Standards
The aim of the standards is to boost the efficiency of the health care system of the United States as it greatly encourages the prevalent use of electronic data interchange in the sector. Though the legislation has advanced in both the structure and formalities since 1996 to include implementation of punitive actions against violators as well as appropriate enforcement methods, HIPAA violations still occur in the United States. The HIPPA violations fall into two groups: (1) accidental or unintended ones by the healthcare professionals when they fail to make out the risk of their actions and (2) intentional violations in the form of intentional inquiries and disclosures that is malicious in nature.
Common Violations of HIPAA
The most common and minor HIPPA violation includes the use of incorrect or outdated forms coupled with the mistake of not filling them accordingly. The failure to make the patient complete the right forms as requited brings forth loopholes that leave the patient or the health facility unprotected. To avoid this, healthcare workers are obliged to make sure that they have the most updated forms which are easily available and accessible at the Department of Health and Human Services website (U.S. Department of Health & Human Services, 2012). Furthermore, the healthcare workers should make effort to familiarize themselves with the contents of the forms so that they are in a position to immediately pick out mistakes before a patient leaves the healthcare facility.
The HIPAA Privacy Rule
The main goal of the HIPAA Privacy Rule is to assure that health information of the individuals are sufficiently safeguarded while at the same time allowing easy flow of health information that is essential to provision and promotion of high quality care besides protecting the public’s health and welfare. As such, the rule strikes a balance allowing for important use of information while safeguarding the privacy of the individuals who seek care and healing in the health facilities. The Privacy Rule along with the Administrative Simplification Rules applies to health plans, healthcare clearinghouses, and any healthcare provider who deals with health information in electronic form in relation to transactions for which the Secretary of HHS adopted standards under the HIPAA. Furthermore, the Privacy Rule protects all individually identifiable health information which include the demographic data relating to the individual’s past/present/future physical or mental health or condition, provision of health care to the individual, or past/present/future payment for the provision of health care to the individual.
Ways of Avoiding HIPAA Violations
Generally, the surest way to avoid HIPAA violations is through education of all parties on the law and practice itself. Proper training of the healthcare professionals regarding to what HIPPA prohibits as well as what it permits would help them escape simple but costly mistakes that could lose them their jobs or attract a law suit against them. Education can be disseminated through such programs such as the Health Information Privacy and Security (HIPS) Week, where the workers can be re-educated on aspects of compliance among other the significant elements.
Given that training alone would not be sufficient, checks and balances should be implemented in the technology systems to remind the healthcare professionals under the HIPAA regulations (Axzo Press, & Supremus Group, 2008). Also, the healthcare workers should clearly comprehend the legal risks pertaining to either viewing of the patient information or discussing patient information. In this respect, the healthcare professionals ought to consider the following in their efforts to avoid committing HIPPA violations:
i. Healthcare workers should never use the patient’s protected health information (PHI) for personal gain. A basic example of such is when a nurse divulged the PHI of a patient to her husband with the aim of using it against her in a lawsuit. There is also a case of a hospital employee who sold celebrity medical information to at least one media outlet.
ii. Healthcare workers should avoid checking into a patient’s medical records because of the need to satisfy personal curiosity. Therefore, the health institutions should made efforts to track the computer activity of their medical staff and other employees (Roach, 2006). In addition, the hospitals should discontinue the services of those employees who were found to have been accessing the patient’s medical records out of curiosity.
iii. Healthcare professionals should never share their computer passwords and login information. It is mandatory to all hospitals to implement a policy requiring their employees to preserve their computer passwords besides keeping their login information private and confidential. The same passwords and login information should be used by the hospital administration to monitor the activities of their employees on the computers. As such, those who happen to share their passwords together with their login information with their colleagues or other people should explain any instances of inappropriate access of patient PHI along with violation of the policies of their hospitals.
iv. Still with matters of technology, healthcare workers should make sure that they never leave their computer unattended while they are still in duty. Accordingly, health institutions ought to have written policies directing that the employees log off their computer systems before leaving such computer unattended (Axzo Press, & Supremus Group, 2008).
v. Healthcare workers should not communicate PHI to a patient through a way that the patient has not approved. Therefore, the healthcare workers should thoroughly confirm the precise place that their patients have directed them to leave the PHI (U.S. Department of Health & Human Services, 2012). For instance, it is wrong for professionals to assume that it is safe for them to leave the PHI through telephone messages since the patient may not have requested as such.
vi. Healthcare professionals should never discuss a patient’s PHI in a way that other people, who are not related to the patient or do not know something about his or her condition, overhear the information. Public places such as parks and waiting rooms should not be used by the health practitioners to engage in such discussions. Similarly, hospitals should make sure that they treat patients in emergency rooms and other areas that assure privacy. Doctors and nurses should also ensure that they only discuss the important elements of PHI with the patient.
vii. Finally, the health practitioners should take caution not to leave papers carrying patient’s information. HIPAA requires that the hospitals as well as health care providers have reasonable measures to protect patient records, paper records not excluded. The practitioners should abide by the procedures laid down by their hospital management regarding the policies and procedures on keeping paper records especially on destructing such.
Summary/Conclusion
In summary, the increased use of technology in the health care sector has given the providers and patients the power to quickly access the medical records. However, technology continues to pose greater danger to the privacy of patient information since there is widespread electronic transfer of protected health information exposing it to data breeches and misuse (Axzo Press, & Supremus Group, 2008). Therefore, the health workers should familiarize themselves with the legal and risks related to the viewing of patient information or discussing patient medical information.

Annotated Bibliographies
Axzo Press, & Supremus Group (2008). HIPAA training and certification: Job-Role-based compliance + certblaster & cbt, instructor’s edition. Iowa: Supremus Group LLC.
A course on HIPAA rules applicable to varied job roles together with the steps required to implement the rules. It is designed to students from health care, IT, or legal industries prepare for any HIPAA certifications.
Roach, H. William (2006). Medical Records and the Law. Massachusetts, Jones & Bartlett Learning.
This is an appropriate book for programs in Health Information Management which is highly resourceful to health and legal practitioners. The book has detailed outlook of state laws pertaining to use and disclosure of health information, as well as significant changes brought by HIPAA, together with the growth of electronic health record systems.

U.S. Department of Health & Human Services (2012). Summary of the HIPAA Privacy Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
A presentation of a summary of key element of the Privacy Rule such as who is covered, protected information, and used and disclose protected health information. Not every detail of each provision of the Privacy Rule is discussed rather an overview.

Wu, S. & American Bar Association (2007). Guide to HIPAA security and the law. Illinois: American Bar Association.
This provides a discussion on the role of HIPAA Security Rule in the wider context of HIPAA, as well its other regulations. Useful guidance on the appropriate implementation of HIPAA security is also provided in this publication. Furthermore, there is coverage of the risks of non-compliance where description of the applicable enforcement mechanisms and the prospects for litigation pertaining to HIPAA security are given.
References
Axzo Press, & Supremus Group (2008). HIPAA training and certification: Job-Role-based compliance + certblaster & cbt, instructor’s edition. Iowa: Supremus Group LLC.
Roach, H. William (2006). Medical Records and the Law. Massachusetts, Jones & Bartlett Learning.
U.S. Department of Health & Human Services. (2012). Summary of the HIPAA Privacy Rule . Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
Wu, S. & American Bar Association (2007). Guide to HIPAA security and the law. Illinois: American Bar Association.