Healthcare Policy Analysis: HIPPA Privacy Rules - Coursework Example

? Healthcare Policy Analysis Paper This paper intends to analyze the healthcare policy of HIPPA Privacy Rules. It can be apparently observedthat this particular legislation tends to address and mitigate the problem concerning the access of valuable information of the patients illegally. The legislation has not been effective in addressing the identified problems due to continuous revisions have been made in modifying the legislation. Overview The Health Insurance Portability and Accountability Act (HIPAA) was passed in the year 1996 by the United States Congress and is also acknowledged as the Kennedy- Kassebaum, which is named after two of the leading sponsors who played a decisive role in introducing the legislation. The main aim behind the formation of this healthcare policy is to provide free health insurance coverage to the people along with their families who are employed or unemployed. Additionally, the policy highlights the importance of forming a national standard which require to be considered while maintaining electronic healthcare dealings and identifying well known organizations providing best health insurance plans to the civilians of the US (U.S Government Printing Office, n.d.). However, continuous criticism from number of critics can be viewed regarding the way the data has been upheld by the healthcare segment, resulting in the formation of the HIPPA Privacy Rule. The rule was established with the prime motive of establishing national standards towards protecting individual’s medical based records and other individual health data. The rule requires appropriate standards to defend the privacy of individuals without gaining proper authorization from them. The rule also provides right over their health information, including right to examine and obtain a copy of their health report any time and also requests correction, if anything is found wrong on the report (U.S. Department of Health & Human Services, n.d.). With this concern, this paper intends to analyze and discuss the healthcare policy of HIPPA Privacy Rules. The paper would also identify the problems or the issues that the aforesaid legislation or the health policy endeavors to address and will examine on what group of people have been the most affected by the identified problems or issues. Furthermore, necessary and relevant information would be provided, if any, determining the future of the aforesaid legislation or the health policy. Discussion Problem/Issue that this Legislation Attempts to Address A privacy policy is regarded as a legal policy which restricts outsiders from accessing the data of an individual. With the rapid development in the technological aspects, it has been viewed that accessing valuable has become easier. Today, people can share data or transmit messages to other person residing in various parts of the world (National Council on Teacher Quality, 1994). The advent of advanced technological aspects has not only been viewed in manufacturing, automobile or information technology (IT) industry, but it can also be seen in healthcare segment as well. The introduction of pioneering technological aspects in healthcare sector has not only helped the physicians or the other healthcare professionals to introduce new treatment procedures, but also made quite easy for the people to maintain a well coordinated health report during an individual’s life span (Masys, 2013). In this regard, the healthcare report mainly includes certain vital information like name of the patients, geographical location, contact number, Social Security Number (SSN), bank account number, Internet Protocol (IP) address and other vital information of the patients. However, it has been viewed that there were no restrictions in the way data would were maintained. It can be affirmed that vital information about the patients could be accessed, causing much harm in safeguarding their respective interests. It was then become much vital for the government to implement new rule which would restrict the unauthorized access of the vital information of any individual, resulting in creation of the HIPAA Privacy Rule. It is a set of minimum standards that restrict the use and disclosure of protected health care information of an individual (University of Michigan, 2013). It is often determined that the individuals mainly rely upon the guidelines of both federal and state laws regarding the maintenance of their personal information across hospitals, physicians and business organizations. However, in most scenarios, it can be viewed that personal health related information of patients are often disclosed with outsiders or distributed amid different researchers without informing them or obtaining an approval. For instance, unless restricted by the state or the local law, any vital information of a patient held by a healthcare organization can be passed to a lender who would then deny certain practices of the patients. These can be the cancellation of a patient’s application for a home loan or restricting the employers to access vital information of their employees while taking personal decisions. In order to determine the problems or the issues that the legislation attempts to address, it can be affirmed that the main aim of this legislation is to establish a guard and protect the confidentiality of vital medical information. However, it is worth mentioning that any state law which implemented stronger privacy laws can continue to apply over and can consider it as their first priority above the HIPAA Privacy Rule (U.S. Department of Health & Human Services, 2006). It has been viewed that healthcare industry follows a strong tradition of safeguarding private health related information. However, in this present day context, the old procedure of recording data in hard copies has been replaced by modern technological aspects, providing opportunities to transmit information electronically. This rule provides clear principles that restrict any healthcare industry to provide data without prior permission from the individuals and also to protect personal health information effectively (U.S. Department of Health & Human Services, 2006). History of the HIPAA Privacy Rule The implementation of HIPAA Privacy Rules on August 21, 1996 especially in healthcare sector tends to ensure that effective healthcare related practices are delivered more efficiently and the number of healthcare coverage in the US is raised at large. The objectives of the Privacy Rule have been divided into three main provisions viz. the probability, the tax and the administrative simplification provision. The HIPAA Privacy Rule is considered under the third provision. It was viewed that the administrative generalization facility suggested the Secretary of the U.S Department of Health and Human Service (HHS) to form number of principles that need to be followed while transmitting health information electronically in the early 1990’s in the US. The vital reason behind implementing the new guidelines can be stated as uplifting the use of electronic based information. However, the US government acknowledged that the increasing adaptation of electronic health information could negotiate the privacy of health information of an individual. Considering this, the privacy rules belonging to HIPAA represents the improvement of nationwide safety criteria, so that the use of electronic healthcare data classification is carried on without any criticism and simultaneously, the healthcare information of an individual are also maintained efficiently and effectively (Nass et al., 2009). Later, it was viewed that though there were certain modifications made imposing requirements on the use of health information, federal regulations concerning privacy relating to the health information of individuals was lacking. Considering the current demand, the Privacy Rule was developed by HHS highlighting the types of use and disclosures of personally identifiable health information that are stated in the provision. The body i.e. HSS firstly issued a proposed version of the privacy rule for the public in the year 1999. However, resulting from enormous volume of comments received from the civilians regarding the new amended regulation, the HIPAA Privacy Rule can be viewed to evolve through several iterations before the final version that was issued in the year 2002. It is worth mentioning that most of the healthcare industries within the country were asked to adapt the new version of HIPAA Privacy Rule by the year 2003, while small healthcare organizations were given an extended time of one year to accept it (Nass et al., 2009). The Privacy Rule directs that an individual has a right to receive proper notice regarding how a covered data is used and revealed, which facilitates to protect health information of the individuals. The Privacy Rule also considers their rights and obligations with respect to the recorded information. The Rule also makes quite mandatory that all covered entities must develop and distribute a proper notice to the individuals, providing a clear explanation of the rights and the practices concerning the recorded data. It can be affirmed that the notice must be intended towards focusing on individual privacy issues and also motivate them to have proper discussion with their health planners and providers (U.S. Department of Health & Human Services, 2003). Effectiveness of HIPAA Private Rules in Addressing the Problem or Issue Privacy is considered to be one of the most vital aspects in an individual life. It is often considered that privacy is meant for diverse aspects to different people. Most people considered privacy to be an aspect which determines their identity as an individual. Yet, many critics and scholars find it difficult to define the perfect meaning of privacy. It can be stated that because of its complexity, the concept of privacy has been in discussion from the past. Today’s modern world considers privacy as a state wherein others do not have access to one’s vital information or identity. The HIPAA Privacy Rule is often considered to impose positive along with negative impacts on the release of patients’ information by any healthcare facility. Although, the main intention of the rule is to protect patients’ privacy, promoting security along with confidentiality can also be fulfilled through the execution of the rule. However, there are several significant aspects that have risen from the implementation of the rule in the healthcare sector. These aspects comprise how health information management (HIM) professionals should implement HIPAA regulations in the healthcare sector, what problems have been encountered during the implementation and what facets have forced the healthcare personnel to release vital health information of the patients to the outsiders. Number of studies has been conducted to gain an idea about the effectiveness of the legislation in addressing the identified problems or issues. Below is a case study which has been conducted to highlight and identify the effects along with the intensity of the HIPAA privacy rule on the release of patient’s information by healthcare facilities (Houser & et al., 2007). Case Study. In a research study conducted amid 70 respondents associated with the healthcare industry, it can be viewed that when asked to focus on barriers and problems that have arisen resulting from the implementation of the privacy rule of HIPAA, 25 of the respondents gave non-redundant responses. Again, examination of the best prioritized response from the NGT meetings indicated that agreement amid the healthcare centers and other third party is considered to be one of the crucial barriers, resulting in release of vital healthcare information of the patients. Furthermore, the complexity of HIPAA was faced by several individuals that do not possess a better knowledge about the newly amended rule, resulting in making wrong decisions by the healthcare personnel (Houser & et al., 2007). Considering the above mentioned case study, it can be stated that lack of proper knowledge concerning the ethical obligations of consumer privacy protection of health information system has resulted in creating critical problems or issues at large. The awareness amid the healthcare personnel relating to the importance of securing vital data may reveal the effectiveness of the rule in addressing the problems. Thus, it can be stated that the amendment of the HIPAA Privacy Rule in the healthcare industry has helped in mitigating the growing issue of privacy concern amid the group of individuals by a certain degree. Moreover, it can also be affirmed that the legislation does not become much effective in addressing the problems for which it require formal education and training for handling the data of the general public. Like most standards, the training requirement of the rule may be non-prescriptive, as it can be stated that data are usually stored to provide effective suggestions by consulting old data. This may provide healthcare organizations the flexibility of implementing the rule according to their need. Subsequently, a minor revision in the rule was made in the year 2009 making the practice of providing training compulsory as a part of the Health Information Technology for Economic and Clinical Health (HITECH) Act. It also provided a guideline to cover entities while implementing the training standards required for effective implementation of HIPAA (The American Health Information Management Association, 2003). Groups of People Have Been the Most Affected by the Problem The legislation or the healthcare policy of HIPAA Privacy Rule is believed to be one of the most well discussed topics in the US. Many critics do believe that the privacy rule amended by the HIPAA may act as a barrier for individuals while adapting data for conducting future research studies. However, it is worth mentioning that the rule applies only to covered entities, not considering persons or institutions that gather independently distinguishable health information. It has also been predicted that the rule may affect other types of entities who are not directly regulated by the law, if they rely on covering entities to provide public health related information. Medical research is duly considered to be increasing at an alarming rate which uses gathered data from patients’ medical records in order to make key discoveries about the value of certain treatments. However, it has been viewed that the data gathered for consulting research studies are sometimes misused which often causes major harm to the person whose data has been revealed by healthcare centers. It is strongly believed that the people belonging to the middle and upper class society who seemed to be associated with government firms or are well known within the society were mostly affected by the problem of revealing their valuable data to the outsiders without their permission. For instance, in the year 2012, 1st response Medical Transport Corp. faced a breach or privacy Act that is believed to have affected in excess of 550 individuals. Furthermore, it is viewed that the breach was conducted from a desktop computer for stealing vital information such as SSN number, license number and other vital information of the individuals. Again in the year 2013, Advocate Health and Hospital Corporation, d/b/a Advocate Medical Group faced a data breach scenario which almost affected 4 million patients (1. U.S. Department of Health & Human Services, 2013). On further investigations, it is observed that 4 computers were stolen from the campus of the administrative building of the hospital. The information mostly comprised the patients name and SSN. It is worth mentioning that the association stated that no medical records or personal financial information of any individual who was treated or being treated had been recorded with the medical group since the early 1990s. It is considered that the organization is acclaimed to be one of the largest healthcare centers in the whole region with more than 1000 doctors. It is located in more than 200 locations in the country. The authority of the association confirmed that although the system was password protected, it was not encrypted. However, the organization had offered a free year of credit monitoring service to those individuals whose information may have been exposed as such data could be used to access credit cards or open cell phone accounts in the name of those patients (Frost & Wernau, 2013). Future of the Privacy Rule of HIPAA The main objective behind the establishment of the Privacy Rules of HIPAA was to establish effective federal principles for protecting the privacy of individually distinguishable health information. It legislation states the condition under which protected health information may be used or disclosed for conducting future research studies. The application of the Privacy Rules has defined numerous standards through which people would be informed about how an individual data would be disclosed for further research purpose. Additionally, research has been conducted for protecting the privacy of individuals in order to ensure that the data utilized has been used in accordance with the preset norms (2. U.S. Department of Health & Human Services, 2013). The privacy rule of HIPAA has faced numerous challenges that are creating a barrier in the development process of establishing new treatment procedures in the health care industry. For instance, in terms of practice for a physician, the proposed guidelines prohibit a covered entity to be used without prior permission from the patients. This sometimes involves a long procedure which often results in creating a delay in providing required treatment (Schoppmann, n.d.). Additionally, it has also been viewed that though the privacy right might be violated, no individual can sue companies and is only allowed to lodge a complaint against the company in United States Department of Health and Human Services. Companies may require hiring extra employees to maintain all the requirements of HIPAA. It is worth mentioning that large size companies require dedicated staffs as negligence in the work assigned may affect the lives of several individuals (Finweb.com, n.d.). Large research institutions that are associated with conducting proper medical research for introducing new medical treatment procedures are finding much harder to conduct adequate research. This is because no adequate data are available after the implementation of the rule in the healthcare sector (Steinberg, & Rubin, n.d.). Numerous modifications have been made to meet the rising issues relating to the Privacy Rule of HIPAA. For instance in the year 2009, the Health Information Technology for Economic and Clinical Health (HTECH) Act was legislated with the American Recovery and Reinvestment (RAR) Act of 2009 to promote the adaption of the Privacy Act (U.S. Department of Health & Human Services, 2009). Recently, it has also been viewed that the US government has enforced the requirement to modify certain rules published in the Federal register (U.S. Department of Health & Human Services, 2013). Thus, it can be stated that though the Privacy Rule has helped in maintaining the privacy of individual data. It has also been viewed that several issues or problems have been raised from the implementation of the rule and the legislation is endeavoring to address those effectively. Therefore, if proper modifications are made considering the mitigating of the above mentioned issues or problems, the legislation would have a better future in upcoming days. The modifications would certainly support the groups of people who have been mostly affected by the recognized problems. References Frost, P., & Wernau, J. (2013). Personal data of 4M patients at risk after Advocate burglary. Retrieved from http://articles.chicagotribune.com/2013-08-23/business/chi-advocate-health-break-in-20130823_1_credit-report-advocate-medical-group-advocate-health-care Finweb.com. (n.d.). 5 disadvantages of HIPAA. Retrieved from http://www.finweb.com/insurance/5-disadvantages-of-hipaa.html#axzz2iiKg56aU Houser, S. H., Houser, H. W., & Shewchuk, R. M. (2007). Assessing the Effects of the HIPAA Privacy Rule on Release of Patient Information by Healthcare Facilities. Perspectives in Health Information Management, 4(1), 1-11. Masys, D. R. (2013). Effects of current and future information technologies on the health care workforce. Retrieved from http://content.healthaffairs.org/content/21/5/33.long Nass, S. J., Levit, L. A., & Gostin, L. O. (2009). Beyond the HIPAA privacy rule: enhancing privacy, improving health through research. Washington (DC): National Academies Press. National Council on Teacher Quality. (1994). Policies. Retrieved from http://www.nctq.org/docs/79.pdf Steinberg, M. J., & Rubin, E. R. (n.d.). The HIPAA privacy rule: lacks patient benefit, impedes research growth. Retrieved from http://www.aahcdc.org/Portals/0/pdf/AAHC_HIPAA_Privacy_Rule_Impedes_Research_Growth.pdf Schoppmann, M. J. (n.d.). HIPAA privacy rules: the future impact for physicians? Retrieved from http://www.drlaw.com/uploadedfiles/34/3451e240-7ff9-4f2e-9b54-c24c06c2726a.pdf The American Health Information Management Association. (2003). HIPAA privacy and security training (updated). Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048509.hcsp?dDocName=bok1_048509 University of Michigan. (2013). Why HIPAA? Retrieved from http://www.sph.umich.edu/faculty_research/hipaa/why_hipaa.html 1. U.S. Department of Health & Human Services. (2013). Breaches affecting 500 or more individuals. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html 2. U.S. Department of Health & Human Services. (2013). Research. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/research/ 3. U.S. Department of Health & Human Services (2013). Statement of delay in enforcement of HIPAA requirement for certain CLIA and CLIA-Exempt laboratories to revise their Notices of Privacy Practices (NPP). Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/enforcement/clia-labs.html U.S. Department of Health & Human Services. (2009). HITECH act enforcement interim final rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html U.S. Department of Health & Human Services. (2006). Why is the HIPAA privacy rule needed? Retrieved from http://www.hhs.gov/hipaafaq/about/188.html U.S. Department of Health & Human Services. (2003). Notice of privacy practices for protected health information. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/notice.html U.S. Department of Health & Human Services. (n.d.). The privacy rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/ U.S Government Printing Office. (n.d.). S. 1028. A Bill, 1-45. Read More