Keeping patients' personal health information private, secure and confidential has been an important principle for healthcare professionals throughout the history of medical care. Healthcare professionals continue to encounter difficulties in sustaining the security and privacy of patient information today. The task has expanded and become more complex as information has become widely distributed across computer systems. The ever-changing regulatory and legislative environment has increased the difficulty of this role.
This paper explores how the following regulations have influenced the security and privacy of patient information: the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Adjustments to the HIPAA Enforcement, Privacy, and Security Rules and the Health Information Technology for Economic and Clinical Health Act; final rule.
The HIPAA rule comprises a group of regulations that the federal government created and mandated to control the confidentiality of patient records in the healthcare sector (McGraw, 2013). The security rule, a subsection of HIPAA, sets out requirements for the security of health information and is applicable only to secured electronic health information. Most organizations employ information technology to keep patient records in electronic form safe. The security regulation requires covered entities to implement specific technical, physical and administrative steps to secure electronic information (McGraw, 2013). These entities hold contracts with their external business contacts that emphasize the importance of those businesses protecting the protected electronic medical information they transmit, preserve, develop or receive for the entities they are allied to. The consequences of failing to comply with the security regulation include the absence of a secure patient record, possible civil and criminal litigation, and fines for failing to comply with regulations that the federal government mandates. Three basic ideas drawn from the administrative simplification provisions of HIPAA were the basis of the security rule. First, the regulation ought to be extensive and connected so that it deals with all security elements. Second, it ought to be accessible to ensure efficient implementation by covered entities. Finally, it ought not to be tied to specific technologies, so that it can be applied to future advancements in technology (Hiller, McMullen, Chumney & Baumer, 2011).
The privacy regulation, a subsection of HIPAA, sets out fundamental requirements to protect the general privacy of secure medical information irrespective of the kind of information (for instance electronic, paper or verbal) (McGraw, 2013). The regulation safeguards the health records of patients, as well as other individually identifiable health information, whether held by covered entities or by their business allies. It also safeguards the protected health information of patients by controlling the conditions under which covered entities may use and disclose secure health information. The rule requires covered entities to have contracts or other arrangements in place with their business allies. The regulation gives patients rights over their secure medical information, including the rights to review and receive a copy of their medical records and to demand alterations.
The final regulation aims to strengthen the security and privacy regulations by extending HIPAA compliance to business allies together with their subcontractors (Wang & Huang, 2013). It also establishes new restrictions on the use and disclosure of secure medical data for fundraising and marketing purposes and prohibits the sale of secure medical data without approval. It also expands patients' rights to access their secure health information by electronic means and makes immunization records easily accessible from a covered entity to a learning institution. In addition, it removes HIPAA confidentiality protections for the secured health information of people deceased for more than five decades and prohibits the use of genetic data for underwriting purposes (Wang & Huang, 2013). Finally, it finalizes the breach notification requirement and expands a patient's right to obtain a restriction on specific disclosures of secure health information to medical plans.
- Hiller, J., McMullen, M. S., Chumney, W. M., & Baumer, D. L. (2011). Privacy and security in the implementation of health information technology (electronic health records): US and EU compared. BUJ Sci. & Tech. L., 17, 1.
- McGraw, D. (2013). Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data. Journal of the American Medical Informatics Association, 20(1), 29-34.
- Wang, C. J., & Huang, D. J. (2013). The HIPAA conundrum in the era of mobile health and communications. JAMA, 310(11), 1121-1122.