Write a report on Hippa topic.
- Body of paper must be 3 – 5 pages with a separate cover page and reference page.
- The report is to be typed, neat, and well organized, double spaced, using 12-point font size and 1 inch margins using the American Psychological Association (APA) format.
- Use correct spelling and grammar.
- Include a minimum of six different sources of information (books, professional journal articles, electronic sources, websites, etc.).
- Indicate the exact source of the specific information presented, citing all references appropriately using APA format. No copying, cutting and pasting is accepted, it is considered plagiarism.
- Criteria for grading:
Completion of content, citation of references and organization(70%)
Sources of information(10%)
Grammar, spelling, neatness(20%)
Total100%.
HIPAA
Although confidentiality, privacy, and security are different terms but used interchangeably, they relate to protecting information in health care organizations. The law in the United States protects patient information and health records from illegal or malicious access. However, health care providers face challenges in balancing between privacy, security, and confidentiality of health information and the need to provide quality care to patients. While ethical standards provide a guideline to health care providers to observe privacy, security, and confidentiality of health information, legal frameworks, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), offer better standards to ensure the safety of patient records.
HIPAA
HIPAA is a federal law in the United States enacted by the 104th Congress. President Bill Clinton signed the bill into law on August 21, 1996 (Nosowsky & Giordano, 2006). The law requires the Secretary of the U.S. Department of Health and Human Services (HHS) to create regulations to protect health records’ security and privacy.
The Purpose of HIPAA
The law was meant to modernize the movement of health information, stipulating how covered entities maintain personally identifiable information. The law would protect such entities from illegal access to information and fraud or theft (Nosowsky & Giordano, 2006). Furthermore, the law addresses the limitations on insurance coverage to Americans. The law also requires national standards to ensure that covered entities protect sensitive patient information from illegal disclosure. Whenever they intend to disclose the information, they should seek the patient’s consent.
The History of HIPAA
The law has been in force since August 21, 1996, when it was signed into law. Before the law was created, the country lacked any generally accepted security standards or general requirements that protected information in healthcare organizations (Atchinson & Fox, 1997). The challenge became worse with the development of information technology that made it possible for healthcare organizations to create and distribute a high quantity of patient health records. The development in information technology also improved the potential for third parties and unauthorized persons to access patient information. Consequently, the government recognized the need to create an effective policy to protect the confidentiality, privacy, and security of patient records, leading to HIPAA development.
The law was responsible for major changes in the health care system, although the changes did not happen overnight. When the Act was enacted for the first time, it necessitated creating standards to protect individually identifiable health information by the Secretary of Health and Human Services (HSS). The initial set of proposed “Code Set” standards was published in 1999. The initial proposal for the establishment of the Privacy Rule was made in 2000. The law also evolved considerably since the earliest incarnation (Atchinson & Fox, 1997). The language changed to accommodate development in technology, while the legal scope extended to cover Business Associates. The law changed to cover the disclosure or use of Protected Health Information (PHI).
Government Involvement
The U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) polices the HIPAA regulations and investigates reported complaints regarding potential law violations. State Attorneys General also has the mandate to act against Covered Entities and Business Associates that violate the law. The OCR and State Attorneys General can impose financial penalties on violators of HIPAA regulations.
Titles
HIPAA has five Titles:
Title I: Offers protection to health insurance coverage for employees and their dependents that lose or change their jobs. The title also limits new health plans the capacity to deny coverage to people with pre-existing conditions.
Title II: Protects against Health Care Fraud and Abuse and Medical Liability Reform. The title also calls for the establishment of standards for electronic health care transactions.
Title III: Creates guidelines for pre-tax medical spending accounts. The title also justifies changes to a health insurance policy and deductions for medical cover.
Title IV: Creates guidelines for group health plans and offers changes for health coverage.
Title V: Controls company-owned life insurance policies. The title also provides for the treatment of people without United States Citizenship.
Privacy Rule
The Secretary of the U.S. Department of Health and Human Services (HHS) created the Privacy Rule to deal with the disclosure and use of individuals’ health information (“protected health information.”) (Cohen & Mello, 2018). The Rule introduces “covered entities,” individuals, and agencies subject to the Privacy Rule. The Rule also includes standards for personal rights to comprehend and control the use of the information by the owner. The Rule aims to ensure that personal health information is adequately protected while ensuring effective movement to support quality care to patients and protect the public’s health and wellbeing of the public. Thus, the Rule ensures a balance between proper use of patient information while protecting patients’ privacy.
Security Rule
Apart from the Privacy Rule, the law has Security Rule to safeguard protected health information (PHI). The provision offers protection to a subset of information that the Privacy Rule covers. The subset comprises all identifiable health information created, received, maintained, or transmitted electronically by a covered entity (CDC, 2018). Covered entities should ensure the integrity, confidentiality, and availability of the information and emphasize professional ethics and best judgment to comply with the Rule.
Covered Entities
One of the groups of covered entities is healthcare providers, regardless of their size, who create electronic records in their interactions with patients (CDC, 2018). The involved transactions include claims, referral authorization requests, and benefit eligibility inquiries.
The second group of covered entities is health plans, which provide medical coverage or pay for health care services. The organizations include dental, vision, health, and prescription drug insurers; Medicare+Choice, Medicare, Medicaid, health maintenance organizations (HMOs); and Medicare supplement insurers (CDC, 2018). They also comprise government- and church-sponsored health plans, employer-sponsored group health plans, and multi-employer health plans.
The third group of covered entities is healthcare clearinghouses, which are organizations that process nonstandard information received from others into data content or standard format (CDC, 2018). They receive the information when required to process a health plan or healthcare provider in most cases.
The last covered entity is business associates, people, or organizations that use or disclose individually identifiable health information while working for a covered entity, such as a hospital or insurance company, such as data analysis, claims processing, billing, or utilization review.
Conclusion and Reflection
The non-intuitive name of the law, the “Health Insurance Portability and Accountability Act” (HIPAA), masks an understanding of the immediate impact on the health care system. However, apart from ethical guidelines, the law has a major impact on how health care providers treat patient health information. As an allied health student, one has a huge responsibility to understand and apply the law to protect patient information and prevent any legal ramifications for violation. Thus, general working knowledge of HIPAA practices is necessary to maintain a legal focus when working with patient records.
References
Atchinson, B. K., & Fox, D. M. (1997). From the field: the politics of the health insurance portability and accountability act. Health Affairs, 16(3), 146-150.
CDC (2018). Health Insurance Portability and Accountability Act of 1996 (HIPAA), CDC.
Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century. Jama, 320(3), 231-232.
Nosowsky, R., & Giordano, T. J. (2006). The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule: implications for clinical research. Annu. Rev. Med., 57, 575-590.