The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996 and is intended to set standards for our healthcare providers regarding the sharing, storage and protection of personal health information. The law was enacted by Congress to protect patient health information from access or use by unauthorized individuals or organizations, as well as to make health care portable and provide non-discriminatory protection to all patients. No one wants to go to the hospital, talk to the doctor in private, and later hear that the information they gave to the doctor has been leaked to the public. When a health care facility infringes on the laws protecting patients and their personal health information, it may face legal battles that could see it pay huge fines, risk being de-licensed and consequently damage its reputation. The Office for Civil Rights (OCR), which is run by the Department of Health and Human Services, is the mandated watchdog that investigates any form of HIPAA violation in our health care facilities. The HIPAA law is broken into four parts, namely Portability, Transaction, Security and Privacy.
This paper will focus on the above-named parts that make up the HIPAA laws and on the specific HIPAA violations that have recently been on the rise in our healthcare facilities. These violations often involve misuse of personal data in medical records, billing information, health insurance files and conversations between health care staff regarding confidential patient information.
Among all the HIPAA violations, the most frequently violated section is the one covering patient records. Patient records are confidential documents and therefore should not be shared with anyone. However, there is an exception when a court order directs the release of a patient's records for use by a specific entity within the confines of the law. Medical staff should be cautious not to leave unencrypted patient data in the wrong hands. Common methods of data storage, including data archiving on backup tapes to store health records, should be given the utmost security and probably be replaced with more advanced methods of storing health information that ensure greater security of patients' information, for instance Cloud disaster recovery, which significantly increases the time objectives (RTO).
More than half of the types of medical data breach are attributed to theft of confidential patient information from physical records (Roach, 2006, p. 46). Since HIPAA is designed to ensure the security of patients' personal information, it emphasizes the safekeeping of unencrypted data, securing data with passwords if it is stored on storage devices, and backing up medical records to avoid losing valuable information about a patient's health when systems malfunction.
Doctors and nurses are not permitted to talk about any patient with anyone apart from the relevant health care officials concerned with that patient's case. This means that healthcare staff are not allowed to go home and discuss a patient with, for instance, their family members, particularly when personal information is divulged. However, numerous cases and lawsuits regarding infringement of patients' confidentiality have recently emerged, which has unfortunately made many patients, especially those suffering from diseases that attract discrimination such as HIV/AIDS, reluctant to disclose some of their confidential and detailed information about their health status even to medical practitioners. They do this out of fear that their crucial health information would find its way to the public, probably leading to discrimination and affecting their social lives.
The Health Insurance Portability and Accountability Act (HIPAA) affects the medical billing process by making sure that every patient's demographic data is accurate and kept confidential. It requires that an authorization exist in the patient's file to allow a medical practitioner to use the confidential data and to bill for carrier services. Without this authorization from the patient, the health worker may not be able to disclose patient information about any treatment given to that patient and therefore will not be able to obtain reimbursement from the payer. Though the patient's medical records, clinical records and progress notes are legal documents that belong to the health care provider, the provider has no legal right to withhold the information unless releasing it would be detrimental to the patient's health. This generally occurs when medical insurance specialists request information from the patient records. However, these specialists are well trained to discern which patient information can be legally shared with other providers and which requires authorization from the patient.
These are the types of HIPAA violations that occur in our health care facilities at times as a result of easily avoidable mistakes. Inadvertent violations of the HIPAA rules can largely be attributed to staff carelessness. For instance, leaving computers turned on in a way that allows people walking in off the street to view patient information is a HIPAA violation and is punishable by law. In addition, accepting flowers from a person who is not on a signed release of the patient's information can also be regarded as a violation, since by accepting them the staff sends the message that the patient is present in that facility, which goes against the privacy rule.
Civil Penalties For Violations Of The HIPAA Rules
The Department of Health and Human Services (HHS) has the discretion to determine the amount of the fine according to the extent of the HIPAA violation committed. Generally, the fine is a minimum of $100 for each violation, with an annual maximum of $25,000 for repeated violations, when an individual mistakenly or unknowingly infringes on the HIPAA laws. But when an individual violates the HIPAA law knowingly and due to willful neglect, the minimum fine is $50,000 per violation, with an annual maximum of $250,000 for repeated offenses (Axzo, 2008, p. 16).
In conclusion, protection of the patient's privacy should always be prioritized. It should be respected by all health care professionals who, in one way or another, come across information that may be regarded as confidential and whose leakage to third parties might prove detrimental. The Office for Civil Rights is committed to enforcing the HIPAA privacy laws to the letter. It clearly states the fines and the probable legal punishments that may be imposed on any practitioner who contravenes this privacy law. However, I still believe that we should not be compelled by the laws to keep information about our patients confidential; it should be our moral obligation, since they have entrusted us with all the information that they would be reluctant to disclose to anybody else.
Axzo Press. (2008). HIPAA Training and Certification: Job-Role-Based Compliance+ Certblaster & CBT. Supremus Group LLC.
Joy, H. Medical Office: Avoid Violation of HIPAA Laws. http://medicaloffice.about.com/od/compliance/a/5-Ways-To-Break-Hipaa-Compliance.htm Retrieved March #0, 2013.
Roach, W. H., & American Health Information Management Association. (2006). Medical records and the law. Sudbury, Mass: Jones and Bartlett Publishers.