Health Insurance Portability and Accountability Act - Research Paper Example

?Health Insurance Portability and Accountability Act (HIPPA) Introduction Health Insurance Portability and Accountability Act (HIPPA) is a Privacy Rule set in 1 August 1996 by the United States Department of Health and Human Services (DHHS) to safeguard health information. Owing to transformation of medical records from paper system to electronic structure, the risk of access of people’s health information by other parties increased thus the need to execute laws for protecting such information. It deals with the use and exposure of a person’s heath information. The HIPPA aims at standardizing swapping of electronic data, safety, and confidentiality when dealing with health related data of individuals. DHSS is required by this Act to advance their electronic health transactions to a national level. Adoption of national standards electronic transactions would jeopardize privacy of individuals health information thus the congress integrated federal privacy protection for various kinds of information. The Act encompasses individuals, Health care employees as well as providers, employers, health plans and the security machineries to guarantee privacy of any sort of information that pertains to an individual’s health. The act has amplified utilization of electronic data exchange without unnecessary exposure of individual’s heath information. Affordable Care Act of 2010 enhanced the Act further. All heath plans are required to comply with the Act and those who fail to conform are penalised. This paper focuses on what the HIPPA entails, the entities covered by the Act and their responsibility in enhancing workability of the Act. The HIPPA encompasses the Privacy Rule as well as the protection Rule. The privacy rule gives patients more mandates on their heath information and its stipulations include the extent to which a patient’s health information can be disclosed (Beaver & Herold 247). The Acts also specifies the safeguards that health care providers must adopt to capitalize on protection of health information. Another provision is the penalties that violator of the act are liable to pay since they are responsible of controlling patients health data. However, the act also empowers the health providers to exchange data electronically for improved services. Patients are enabled to access their heath information and make accurate choices on their health and accessibility of their heath information. The act also ensures that employees continue enjoying health insurance coverage even after departure from an employer. The main aim of the Privacy Rule is to guarantee that a person’s health records are protected while ensuring the right individual accesses the information for improved health services (Murphy and Waterfill 12-15). The Act makes sure that persons access the right heath services and their heath information is not disclosed haphazardly. Nevertheless the Act allow sharing of Protected Health Information (PHI) without individual approval to authorities lawfully allowed to access the information for reasons such as control of diseases and law enforcement. The permitted entities are also legalized to reveal the Protected Health Information to bodies permitted by other laws for purposes such as protecting the welfare of public in aspects such as justice and law enforcement (Beaver and Herold 147; Kiel 30-33). Entities covered by this Act include the health plans, health care providers, as well as the health care clearinghouses. The heath plan encompasses the bodies or individuals providing services such as health bill payment akin to health insurers and personalities involved in diagnosis, treatment, alleviation, or disease prevention. Other entities considered part of Health Plan include government institutes such as Veterans Health Administration, Medicare, and Medicaid. The Health care Clearinghouses are the units concerned with billing, reprising companies and systems involve in standardization of data received from community health information. Health care providers comprises of health service givers such as physicians, hospitals as well as Clinics. Organizations or individuals involved in transaction such as day-to-day billing are considered as health care providers’ entity (Sullivan 104-106; Murphy and Waterfill 28). The HIPPA require that the persons, organizations or other entities covered by the Act be advised on their privacy rights as well as on the restriction pertaining to disclosure of individuals’ health information. The entities are also entitled to assume privacy policies and procedures as well as educating employees on the provisions of the Act. The entities are held responsible of ensuring that their business associates uphold the stipulations of HIPPA. The act demands that the entities create apposite measures, which could be administrative, technological, or physical to enhance safety of health information. The entities must however warrant that they meet responsibilities pertaining to health consumers (Beaver and Herold 45-47). The act endows several rights to individuals, which include access to Private health information, appeal for amendment of PHI, be notified of the parties that their PHI has been disclosed to, demand explanations on basis of disclosure and demand for restriction of their PHI to obligated entities. However, the entities covered under HIPP have the right to oblige to or disagree with such restriction especially in cases where emergency treatment is required (Sullivan 160-162). The Act also allows disclosure of PHI without Authorization in certain instances as well as certain entities though there is certain limitations the authorization insists. The limitations are embraced in Privacy Rules .Disclosure of PHI without individuals authorization is allowed if the information is required by laws, which could be federal, local, or state laws. The PHI can also be disclosed if required by Public health to accomplish duties concerning the public such as Public health surveillance, or in cases that require public health intervention (Kiel 25). Under certain situations such as when making reports on abuse and domestic aggression, PHI can be disclosed without the individual’s authorization. Law enforcement officials are permitted to access an individual’s PHI without consent to use it in purposes such as locating suspects, crime investigation or when tracing missing individuals. However, in case of investigations, the law enforcers are required to obtain a court order or some other form of legal authorization (Thacker Web; Kiel 15-17). Access of PHI without authorization is permitted for health research but with certain stipulations. The conditions that must be met by researchers seeking to access PHI include acquisition of waiver from institutional review board. The Act has boosted research due to accessibility of heath information and enhanced health services as well as other operations like terrorism preparedness, as well as improved exploration on disease outbreaks. Entities covered by HIPPA are entitled to limited disclose of PHI when participating in Judicial or governmental proceedings. Other permitted disclosures without authorization include in procedures involving tissue or organ donation and transplant (Thacker Web). If entities covered in the HIPPA have to disclose PHI to other bodies or persons, they are required to indicate the type of PHI disclosed, name of the persons or body disclosed to, and reasons behind the disclosure. In addition, they should ensure they inform the individuals of the revelation, indicate the date of disclosure, and explicate on the potentiality of the recipient revealing such information to other entities not covered by HIPPA (Sullivan 69-74). The disclosing entities are necessitated to consult the individuals and notify them of their rights to refuse revelation as well as revoke authorized disclosure. If an individual objects to disclosure, the objection should be obeyed unless other laws demands otherwise. However, such objection should not hamper provision of the health services to the individuals. Conclusion Individuals are entitled to limit disclosure of their Private Heath Information to entities not covered by HIPPA. Entities covered in the Act are however accountable and are liable to penalty in case they defy the provisions of the act. Certain persons and organization such as law enforcers, researchers, public health officials, and health insurers are permitted to access an individual’s PHI but under certain specified conditions and some entail meeting certain requirement to obtain such information. Certain circumstances also permit disclosure of PHI without an individual’s consent especially if the person or the health condition poses any threat to public health or welfare. Works Cited Beaver, Kelvin and Herold, Rebecca. The Practical Guide to Hipaa Privacy and Security Compliance. New York: Auerbach Publications, 2004. Print. Kiel, Joan. H. I. P. A. A. North Carolina: Lulu.com, 2006. Print. Murphy, Mike and Waterfill, Mark. The New Hipaa Guide for 2010: 2009 Arra Act for Hipaa Security and Compliance Law and Hitech Act Your Resource Guide to the New Security and Privacy Requirements. Indiana: AuthorHouse, 2010. Print. Sullivan, June. Hipaa: A Practical Guide to the Privacy And Security of Health Data. Chicago: American Bar Association, 2004. Print. Thacker, Stephen. HIPAA Privacy Rule and Public Health: Guidance from CDC and the U.S. Department of Health and Human Services. 2003. Web. 28 May 2012. Read More