HIPAA regulations
HIPAA is an act instituted in 1996 that mandated the Department of Health and Human Services (HHS) to come up with regulations that would protect the security and privacy of patients’ health data. In fulfillment of these objectives, HHS published what are currently known as the HIPAA security rule and the HIPAA privacy rule (Choi et al., 2006). The privacy rule sets out national standards that govern the safeguarding of particular health information, while the security rule sets security standards that safeguard health information that is either stored or transferred in electronic form.
Health care providers are mandated to take reasonable steps to ensure that a patient’s information is kept confidential and is handled consistently with the individual’s preferences. For instance, patient-doctor discussions are required to happen in private, and some patients might prefer that the doctor call their cell phone instead of their home. Even well-meaning friends and family members may not be allowed to obtain information about a loved one’s medical records without that person’s consent. All persons are therefore entitled to confidentiality unless they provide consent for disclosure or are not in a position to express a preference. The latter may occur where a person is severely incapacitated or confused. This is well highlighted in HIPAA, especially under the privacy rule.
The HIPAA privacy rule sets out detailed rules that govern health care practitioners regarding the privacy and disclosure of, and access to, patient information. Specifically, HIPAA sets out a number of rules. First, individuals are at liberty to see and obtain copies of their medical records and to ask for corrections to be made. Secondly, it confers rights on anyone authorized to make decisions for a patient who is incapacitated: such persons have the right to access the patient’s medical history and information (Arora et al., 2014). Thirdly, the privacy rule notes that health care practitioners should routinely disclose their practices with regard to the privacy of personal medical information. Further, health care practitioners are at liberty to share a patient’s medical records only among themselves, and only as far as is necessary for the provision of medical care. Fourthly, personal medical information ought not to be disclosed by health care practitioners for their marketing purposes. Additionally, health care practitioners are required to take reasonable steps to ensure that confidentiality is upheld during communications with their patients.
However, it is vital to note that the HIPAA privacy rule is not meant to present barriers to normal communication with the patient’s friends and family. The rules therefore permit, to some extent, health care givers to share information that is directly relevant to the participation of the friends, family, spouses and other persons that the patient may have identified (Freedman et al., 2016). In the instance when the patient may not have the capacity to make sound health care decisions, the doctor may be at liberty, only with the consent of the patient, to discuss the information with the family and other individuals who may be present. When it is not practical to seek consent from the patient because of incapacity or emergency, or when the patient is not present, health care givers are allowed to share the information with friends or family members in the exercise of their professional judgement. That notwithstanding, the doctor may determine that doing so would be in the patient’s best interest.
Another instance where doctors are required to disclose such information immediately arises when the condition may pose a danger to others. Such conditions may include certain infectious diseases such as HIV, TB, syphilis and the like, which must be reported to local or state public health agencies (Arora et al., 2014). Additionally, if health care providers become aware of medical signs of the mistreatment, neglect or abuse of an elder, adult or child, they must take swift action to report such information to the relevant protective agencies. That notwithstanding, conditions that may seriously impair an individual’s driving ability, such as recent seizures or dementia, must be reported swiftly to the department of motor vehicles.
Impact of the internet on healthcare information security
It is vital to note that technology has affected every aspect of modern society. In one way or another all industries have been affected, but nowhere has the effect been more pronounced than in the medical field. The widespread use of the internet has given patients access to information that previously would have been partly derived from doctors. The internet has certainly become a way for patients to verify whether the information provided by health care givers is accurate (Freedman et al., 2016). Additionally, technology has allowed medical health records to be placed in electronic format as electronic patient records and made available to end users through the internet. Further, advances in sensor networks have made remote patient monitoring a reality.
It is further vital to highlight that the widespread use of the internet has transformed various customer-oriented business models, such as financial and retail services (Arora et al., 2014). The healthcare sector has also recently seen widespread changes in the provision of health care services via mobile and internet technologies. Such services include e-prescription, online consultation, remote health monitoring, asset tracking and patient information access, among others (Freedman et al., 2016). Recent advancements in web technology have led healthcare organizations to embrace new approaches to patient information management, for instance the health bank, or banking on health. The health bank provides a platform that allows for the exchange and storage of patient health records. Additionally, the launches of ‘Google Health’ and ‘Microsoft HealthVault’ provide good examples of such systems. However, despite such advancements in the web storage of health records, these mobile-based and web-enabled services have presented a whole range of security risks, which hampers the personal privacy conferred by HIPAA.
An increasing number of studies have focused on coming up with mechanisms to tackle the security and privacy concerns that have emerged from mobile and internet healthcare applications. For instance, a mobile-based, privacy-preserving trust negotiation protocol has been developed that has been important in facilitating trust between the various user devices in compliance with the set disclosure policies and predefined access control policies (Freedman et al., 2016). It is important to note that, despite the advancement of internet use in the healthcare field, there has been an increase in concerns about, and scenarios in which, mobile devices, especially those in the possession of patients, are being tracked, resulting in the unwarranted exposure of the patients’ locations.
There has been growing concern over the confidentiality and privacy of existing patients’ health records. Connecting patients’ health information to the internet has exposed it to more hostile attacks than paper-based medical records face. The availability of information in electronic form has opened up opportunities for malicious attackers and hackers to access patients’ records (Arora et al., 2014). Additionally, ensuring data integrity and security is a bigger challenge than in conventional healthcare systems. This is especially true of the sensor networks meant for in-home patient monitoring, which are distributed in nature. Skimming and eavesdropping are likely possibilities when sensor information is transmitted wirelessly. Ultimately, the prospective success of e-health depends very much on how efficiently patients can safely manage and obtain their information.
- Arora, S., Yttri, J., & Nilsen, W. (2014). Privacy and security in mobile health (mHealth) research. Alcohol Research: Current Reviews, 36(1), 143.
- Choi, Y. B., Capitan, K. E., Krause, J. S., & Streeper, M. M. (2006). Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. Journal of Medical Systems, 30(1), 57-64.
- Freedman, R. S., Cantor, S. B., Merriman, K. W., & Edgerton, M. E. (2016). 2013 HIPAA Changes Provide Opportunities and Challenges for Researchers: Perspectives from a Cancer Center. Clinical Cancer Research, 22(3), 533-539.