Thesis statement: Entities covered under HIPAA can be subjected to heavy fines including jail terms as a result of violating HIPAA. As the parties ought to take proactive measures aimed at ensuring that their organization is in compliance with the letter and spirit of HIPAA.
Definition of HIPPA
The Health Insurance Portability and Accountability Act (HIPPA) was enacted in 1996 by president Bill Clinton with the purpose of setting minimum standards and guidelines for the health care sector as pertains to the privacy of the patient information. Title I of HIPPA provides protection for health insurance coverage for workers together with their families when they happen to change or lose their jobs. Title II of HIPPA is commonly referred to as the Administrative Simplification (AS) provisions and demands of the Department of Health and Human Services (HHS) to take up national standards for electronic health care transactions as well as national identifiers for providers, health insurance plans, and employers (Wu & American Bar Association, 2007). In addition, the Administration Simplification provisions provide for security and privacy of health data of individual patients.
The aim of the standards is to boost the efficiency and effectiveness of the health care system of the United States as it greatly encourages the widespread use of electronic data interchange in the sector. Though the legislation has advanced in both the structure and formalities since 1996 to include implementation of punitive actions against violators as well as appropriate enforcement methods, HPAA violations still occur in the United States. The HIPPA violations fall into two groups: (1) accidental or unintended ones by healthcare professionals when they fail to make out the risk of their actions, (2) Intentional violations in the form of intentional inquiries and disclosures thus malicious in nature.
The most common and mildest of the HIPPA violations include the use of incorrect or outdated forms coupled with the mistake of not filling them accordingly. The failure to make the patient complete the right forms as requited brings forth loopholes that leave the patient or the health facility unprotected. As a remedy to this, healthcare workers are obliged to make sure that they have the most updated forms with them which are easily available at the Department of Health and Human Services website (U.S. Department of Health & Human Services, 2012). Furthermore, the healthcare workers are must make effort to familiarize themselves with the contents of the forms so that they are in a position to immediately pick out mistakes before a patient goes away from the healthcare facility.
The HIPAA Privacy Rule
The main goal of the HIPAA Privacy Rule is to assure that health information of individuals is sufficiently safeguarded while at the same time allowing easy flow of health information essential to provision and promotion of high quality care besides protecting the public’s health and welfare. As such the rule strikes a balance allowing for important use of information while safeguarding the privacy of the individuals who seek care and healing in health facilities. The Privacy Rule along with the Administrative Simplification Rules apply to health plans, healthcare clearinghouses, as well any healthcare provider who deals with health information in electronic form in relation to transactions for which the Secretary of HHS adopted standards under the HIPAA. Furthermore, the Privacy Rule protects all “Individually identifiable health information including demographic data relating to the individual’s past/present/future physical or mental health or condition; the provision of health care to the individual, or; the past/present/future payment for the provision of health care to the individual.
Ways of Avoiding HIPAA Violations
Generally, the most sure way of avoiding HIPAA violations is through education of all parties pertaining the law and practice itself. Proper training of the healthcare professionals regarding to what HIPPA forbids as well as what it permits would help them escape simle but costly mistakes that could lose them their jobs or attract a law suit against them. Education can disseminated through such programs as the Health Information Privacy and Security (HIPS) Week, where the workers can be re-educated on aspects of compliance among other significant elements.
Given that training alone would not be sufficient, there need to have checks and balances implemented in the technology systems so as to remind healthcare professionals of the HIPAA regulations (Axzo Press, & Supremus Group, 2008). Furthermore, the is need for healthcare workers to clearly comprehend the legal risks pertaining to either viewing of the patient information or discussing patient information. In this respect, therefore, healthcare professionals ought to consider the following in the effort to avoid HIPPA Violations:
i. Healthcare workers should never use the patient’s protected health information (PHI) for personal gain. A basic example healthcare pesonnel using patients medical information is in the instance where a nurse divulged PHI on a patient to her husband with the aim of it being used against the patient in a lawsuit by the husband. Yet there is a case of a hospital employee having sold celebrity medical information to at least one media outlet.
ii. Healthcare workers should avid snooling into a patient’s medical records because of the need to satisfy personal curiosity. To this effect it protect against HIPAA violations if health institutions made effort to track the computer activity of their medical staff as well as other employees. In addition, hospitals should discontinue the services of those employees found to have inappropriately accessed patient medical records.
iii. Healthcare professionals ought to never share their computer passwords and log on information – to this effect, it is incumbent to all hospitals to have in place a policy requiring their employees to preserve their computer passwords besides keeping their log on information private and confidential. The same passwords and log on information ought to be used by the hospital administration to monitor the activities of their employees on the computers. As such those who happen to share their passwords together with their log on information with their workmates or other people should be made to explain any instances of inappropriate access of patient PHI along with violation of the policies of their hospitals.
iv. Still with matters technology, healthcare workers should make sure that they never leave their computer unattended while they are still logged on. Accordingly, health institutions ought to have written policies directing that employees log off their computer systems before leaving such computer unattended (Axzo Press, & Supremus Group, 2008).
v. Healthcare workers should take care not to communicate PHI to a patient by a means that the patient has not approved. Therefore, healthcare workers should thoroughly confirm the precise place that their patients have directed them to leave PHI (U.S. Department of Health & Human Services, 2012). For instance, it is wrong for professionals to assume that it is safe for them to leave PHI through telephone messages though the patient may not have requested as such.
vi. Healthcare professionals should also take care never to discuss patient’s PHI in a way that other people not deserving to know it get to overhear the information. Public places such as parks, waiting rooms should not be used by health practitioners to engage in such discussions. Similarly, hospitals should make sure that they treat patients in emergency rooms and other areas that assure of patient privacy. Doctors and nurses should also ensure that they only discuss elements of PHI that they absolutely must discuss with the patient.
vii. Finally, health practitioners should take caution not to leave papers carrying patient’s information. HIPAA requires that hospitals as well as health care providers make sure that they have reasonable safeguards to protect patient records, paper records not excluded. The practitioners should abide by procedures laid down by their hospital management regarding to policies and procedures on paper records especially on destruction of the paper records.
In summary, therefore, the increased use of technology in the health care sector has served to help providers, insurers, along with patients the power to quickly access medical records. On the other hand, however, technology continues to pose greater danger to the privacy of patient information in the sense that there is widespread electronic transfer of protected health information exposing it to data breeches and misuse (Axzo Press, & Supremus Group, 2008). Therefore, health workers should familiarize themselves with the legal and risks related to viewing of patient information or discussing patient medical information.
References:
Axzo Press, & Supremus Group. (2008). Hipaa Training and Certification: Job-Role-Based Compliance + Certblaster & CBT, Instructor’s Edition. Iowa, Supremus Group LLC.
Wu, S. Stephen, & American Bar Association. (2007). Guide to HIPAA security and the law. Illinois, American Bar Association.
U.S. Department of Health & Human Services. (2012). Summary of the HIPAA Privacy Rule. Retrieved on April 4, 2012 from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
