Health Insurance Portability and Accountability Act - Research Paper Example

The Effects of Health Insurance Portability and Accountability Act (HIPAA) on Healthcare Management Information Systems Health Insurance Portability and Accountability Act (HIPAA) This is a law intended to improve the effectiveness and efficiency of the health care system of the nation. The act required the department of health and human services to adopt national standards for electronic health care transactions and code sets, security, and unique health identifiers, all under the administrative simplification. The laws are classified into five titles, which are; administrative simplification that is aimed at preventing fraud and abuse in health care, revenue offset provisions, group health plan provisions and tax-related health provisions. Accountability in the act means fighting fraud in insurance claims. This is done through computer software. Insurance portability reduces or regulates the exclusions used by insurance companies, facilitates purchase of insurance, and facilitates credits for past insurance. The act does not affect any insurance cost, but works towards affordable insurance in the system. The privacy rule has guidelines concerning administrative requirements, the patients’ rights to review and amend their medical records, and flow of information. This applies to all paper, electronic and oral communications that are individually identifiable. The security rule requires a covered entity to implement physical, administrative and technical safeguards; to make certain confidentiality, availability and integrity of electronic protected health information. The transaction rules offer guidance on how to handle HIPAA covered transactions. The rule only applies to covered entities that electronically transmit any health information with HIPAA transactions. There are also requirements to adopt operating rules for a standard electronic funds transfer, and a unique standard health identifier (American Medical Association, p, 9). The Effect of HIPAA on Information Systems HIPAA has rules that information systems or departments have to comply with in the process. Compliance requires training of employees. Training is an integral part of implementation of HIPAA procedures. According to Arora and Pimentel, it forms a large part of expenses and budget. Employees should be trained on how they will protect the patient’s privacy. As at 2003, the estimated cost of training employees was around $16 per employee. This may have increased or reduced depending on developments made over time (Arora & Pimentel, p, 13). There are also administrative costs incurred when implementing HIPAA rules. These are costs used for handling additional paper work that comes with HIPAA regulations and redesign of business processes to suit HIPAA requirements. According to HIPAA rules, patients must be satisfactorily informed of their rights, and their signatures must be documented to show proof of their knowledge about the policy. This requires some costs, for example; costs incurred when classifying the records, printing, and creation of the patient’s form. Administrative costs also arise from re-evaluation of contracts and business associates to ensure that privacy practices are complied with (Arora & Pimentel, p, 14). Compliance with HIPAA regulations and requirements will require implementation of technical security. This means that HIPAA increases the technical security costs that an IT department or system incurs. These include costs incurred in implementation and purchase of computers, networks, and software systems, which are important in maintaining privacy of digitized private information. HIPAA security standards require implementation of physical, administrative and technical safeguards, which will prevent unauthorized alteration, access, transmission and deletion of electronic patient health information (Arora & Pimentel, p, 15). HIPAA also increases physical security costs that a health care management information system has to incur. Information system or department has to plan for cameras, locks, and next generation technologies. An example is the use of biometric technologies for single sign-on solutions. This technology is accurate in identification of individuals for security purposes (Arora & Pimentel, p, 16). HIPAA requires protection of private health records whenever they are stored or transferred. Because of this, compliance is a rooted feature in IT culture. HIPAA affects all features of information technology operations. This includes storage, messaging, networking, virtualization, and any feature that involves electronic patient health information records management. Any information technology department or information system that needs to comply with the HIPAA regulations must produce evidence of security measures. These measures are taken to protect the features of information technology operations (Whitman et al, p, 94). So many factors affect work design, security system, and management of any hospital or health care information system. The health care has the mandate to show the ability to provide security and confidentiality, through standardised mechanisms of health care related data. The institutions should involve re-examining security measures as described by the HIPAA to ensure appropriate and reasonable protection of electronic patient health information. Also, bring detailed auditing, control and visibility of data transfer. It is advisable to minimize cases of stealing of data for financial gains and ensure compliance with HIPAA rules by the organization’s workforce. Conduct risk analysis to identify threats to the electronic patient health information that are created, transmitted, received and maintained by the organization. The department should ensure patient information stored and handled electronically is protected against such threats. Work towards protecting patient information against disclosures and unauthorised uses. This should include prevention of the use of removable devices to erase confidential patient medical records from the organization’s system. Offer integrity, confidentiality and availability services that ensure safety of medical records. This can include encryption of medical records. It is essential to develop a structure to ensure all the guidelines mentioned above are followed. The framework should have needs for the safety and management of sensitive data. Also, it should have management guidelines, implementation tools, control objectives, audit guidelines and a structure. Compliance with HIPAA requirements can be approached through refinement of department procedures and policies, flow analysis, self-assessment and risk analysis. Information system or department must be ready to implement software and computer systems that will track entry and exit of data, and departure or entry of employees with access to sensitive information. In order to comply with HIPAA requirements, an information system or department needs the resources to catalog all the information system components that network with protected health information in the department. Information systems manager has to be aware of the weaknesses and capabilities of the organization’s information system in order to determine the level of security risk. These require suitable information technology environments with appropriate components. Some components used in such environments are; hardware, network components and software. These affect the cost of managing, the style of management, work design, security system and other factors involved in the management of information system. Different hospitals and institutions have different information systems depending on management styles, operations, organizational management strategies and so on. It means that they have different software, hardware and network systems used to manage operations. These are the determining factors to the type and scope of security systems established, work design developed and management strategies taken (Kibbe, 1). Conclusion It is evident that new technological developments and provision of effective and efficient health care are some of the factors that led to the development of HIPAA. This act protects patient health information in various ways and provides guidance on health insurance activities to enable access to insurance for those who can afford it. HIPAA has changed the health care practice, and it is influencing the direction of healthcare practices so that the patient and the practitioner get the best. It is important for organizations to comply with HIPAA rules. Compliance requires expertise, planning and manpower. When introduced to a hospital’s information system, it affects the cost of managing the department. HIPAA also requires some guidelines to be followed for its rules to be implemented. When these are also introduced to an information technology system, it affects the work design, security system, information technology operations and management in general. HIPAA affects information systems through its requirements that mandate information technology departments to have specific hardware, software, network systems, and many more information technology resources necessary for accomplishing the aims of HIPAA. Works Cited American Medical Association. HIPAA: Health Insurance Portability and Accountability Act. 2012. Retrieved on 20th November 2012 from: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act.page Arora, R. & Pimentel, M.. Cost of Privacy: A HIPAA perspective. Privacy Policy, Law and Technology. 2005. Retrieved on 20th November 2012 from: http://lorrie.cranor.org/courses/fa05/mpimenterichaa.pdf Dwyer. S, J., Weaver, C & Hughes, K, K. Health Insurance Portability and Accountability Act. Retrieved on 20th November 2012 from: http://www.cs.virginia.edu/~acw/security/HIPAA.pdf Kibbe, D, C. Ten Steps to HIPAA Security Compliance. Family Practice Management. 12.4 (2005):43-49. Retrieved on 20th November 2012 from: http://www.aafp.org/fpm/2005/0400/p43.html Whitman, M, E & Mattord, H, J. Principles of Information Security. 4th Ed. Boston, MA: Cengage Learning, 2011. Print. Read More