The term HIPAA refers to the privacy rule that provides federal protection for individuals by applying confidentiality rules to health information held by relevant entities (hhs.gov). This discussion focuses on defining its patient privacy portion, including the aspects of security, authorization, and consent. Furthermore, the principles of HIPAA in terms of patient information security will be highlighted through a real-life example. This includes the penalties and applicable legal actions that can be taken as a result of a violation. Lastly, responding to a violation involves the proper reporting procedure, which will also be examined in this discussion. It is apparent that HIPAA was enacted to protect Americans from the unruly practice of disclosing patient information.
The acronym refers to the Health Insurance Portability and Accountability Act, enacted in 1996, which provides the legal guidelines for handling sensitive patient information. The provision constituting the privacy rule of the Act stipulates that an individual’s medical records and other personal information pertaining to healthcare and conditions should be kept confidential (hhs.gov). Furthermore, the provision also states that providers who conduct electronic transactions should properly safeguard the information being transferred through electronic means. In addition, the provisions of the Act clearly indicate a standard authorization and consent protocol under which providers are authorized by the government to contract and handle patient data. On the other hand, consent is practiced in the healthcare sector in such a manner that any invention or technology that utilizes health data should be given consent by the government (acquisition.gov).
Application in Practice
HIPAA clearly stipulates that under no circumstances should the patient’s information be used other than for medical-related purposes involving the patient himself. Despite the strict imposition of HIPAA, there are still healthcare companies that violate the law. For example, a prescription insurance company received a call from a patient ordering medication by mail. The customer service agent processing the order realized that the medications the patient was ordering were for HIV. As soon as the order was processed, the agent intentionally kept the patient’s record on the computer screen, logged on to the network from his home computer, and talked about the patient’s condition with his friend.
Such an action constitutes a violation of the HIPAA provision pertaining to unauthorized disclosure of patient information to an unauthorized individual. The violation will incur a penalty of not less than $50,000 to a maximum of $250,000 and imprisonment of 10 years (ama-assn.org). In cases where the patient realizes that his health records were compromised, the patient is required to file the complaint in writing, either through the OCR Complaint Portal or on paper sent through the mail. The complaint report should indicate the person or organization involved, and complaints should be filed within 180 days of the occurrence.
HIPAA aims to protect the interests of the people by securing a law that will prevent critical patient data from being publicly exposed. The statutory law also ensures that the advent of technology will not affect the manner of sharing information between care providers. The reason for imposing financially damaging penalties on violators is to deter anyone from committing the offence. The main objective of the law is not only to minimize the risk of sensitive information being exposed to the public eye, but also to secure the right of every person to his privacy.
Acquisition.gov. "52.227-1 Authorization and Consent." acquisition.gov. acquisition.gov, 2012. Web. 5 Nov. 2014. <https://acquisition.gov/far/current/html/52_227.html>.
Ama-assn.org. "HIPAA Violations and Enforcement." American Medical Association. ama-assn.org, 2014. Web. 5 Nov. 2014. <http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?>.
Hhs.gov. "The Privacy Rule." United States Department of Health and Human Services | HHS.gov. hhs.gov, 2014. Web. 5 Nov. 2014. <http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/>.
Hhs.gov. "Notice of Privacy Practices for Protected Health Information." United States Department of Health and Human Services | HHS.gov. hhs.gov, 2014. Web. 5 Nov. 2014. <http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/notice.html>.
Hhs.gov. "Understanding Health Information Privacy." United States Department of Health and Human Services | HHS.gov. hhs.gov, 2014. Web. 5 Nov. 2014. <http://www.hhs.gov/ocr/privacy/hipaa/understanding/>.