Tuesday, March 24, 2020

HIPAA Research Paper Essays - Law, Health, Data Security

The HIPAA history starts on 21st August 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was signed into law as an Act to "improve the portability and accountability of health insurance coverage" for employees between jobs. Other objectives of the Act were to combat waste, fraud and abuse in health insurance and healthcare delivery. The Act contains passages to promote the use of medical savings accounts by introducing tax breaks, provides coverage for employees with pre-existing medical conditions and simplifies the administration of health insurance. The procedures for simplifying the administration of health insurance became a vehicle to encourage the healthcare industry to computerize patients' medical records. This particular part of the Act spawned the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, which in turn led to the introduction of the Meaningful Use incentive program, described by leaders in the healthcare industry as "the most important piece of healthcare legislation to be passed in the last 20 to 30 years".

PHI stands for Protected Health Information and is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment. ePHI is Electronic Protected Health Information and is all individually identifiable health information that is created, maintained. This includes PHI on desktop, web, mobile, wearable and other technology such as email, text messages, etc. This information is protected with Electronic Protected Health Information. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule.
The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information "electronic protected health information" (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing. The Privacy Rule sets the standards for, among other things, who may have access to PHI, while the Security Rule sets the standards for ensuring that only those who should have access to EPHI will actually have access. The Privacy Rule requires covered entities to have in place appropriate administrative, physical, and technical safeguards and to implement those safeguards reasonably. As a result, covered entities that have implemented the Privacy Rule requirements in their organizations may find that they have already taken some of the measures necessary to comply with the Security Rule. The Security Rule provides for far more comprehensive security requirements than 45 CFR 164.530 of the Privacy Rule and includes a level of detail not provided in that section. As covered entities begin security compliance planning initiatives, they should consider conducting an assessment of the initiatives implemented for privacy compliance.

The HITECH Act extends the imposition of both civil and criminal penalties under HIPAA to Business Associates, not just Covered Entities. As a general message of caution, this component of the health care industry should also take on the self-evaluation of existing policies, procedures and safeguards. Another aspect of the impact of HITECH on HIPAA is that OCR (Optical Character Recognition) was given the authority to enforce HIPAA Privacy and Security Rules and has been systematically investigating situations involving data breaches by health care providers. Since the enactment of HITECH, thousands of breaches in the health care industry have been reported.
Although penalties exist under current law, imposition is rare at this point. That said, two significant penalties were assessed in 2011 in excess of $1m and involved large health care organizations; it is expected that the occurrence will only increase in the future. The HIPAA violations can be expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn't know and, by exercising reasonable diligence, would
