From the paper "Technology and HIPAA Privacy Regulations" it is clear that generally speaking, the HIPAA privacy and security rules have been proved a catalyst for a whole series of technological improvements in data storing, processing and transmission…
Extract of sample "Technology and HIPAA Privacy Regulations"
TECHNOLOGY AND HIPAA PRIVACY REGULATIONS: THE PROBLEM BECOMING THE SOLUTION
TABLE OF CONTENTS
EXECUTIVE SUMMARY
Introduction
History
Impact on Technology
Conclusion
GLOSSARY OF TERMS
APPENDIX 1
APPENDIX 2
List of Figures
1. Health Information Security System Architecture
Executive Summary
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has been a great leap forward in protecting patients' rights by putting restrictions on the flow and usage of health data. The renewed sense of privacy and security that this legislation brought to the health care sector has had its own impact on technology as well. A whole set of technological applications evolved, making possible a new way of handling data. But the threats to privacy and security that emerged from the very use of these new technologies have to be addressed by technology itself. In this manner, health care information architecture and technology are seen as co-evolving to provide quality and ethical health care to all. To cope with the re-identification risk, further technological improvements have to be considered.
Technology and HIPAA Privacy Regulations: The Problem Becoming the Solution
Introduction
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Privacy and Security Rules under it are meant to protect the many aspects of privacy and security of the health care services customer.1 The rules that protect privacy under this act are the HIPAA Privacy Rule, which takes care of the privacy of “individually identifiable health information”; the HIPAA Security Rule, which delineates national standards for keeping “electronic protected health information” secure; and the rules on maintaining confidentiality in accordance with the Patient Safety Rule.2 The HIPAA Privacy Rule is actually a sub-clause of the Administrative Simplification Subtitle of HIPAA.3 The Protected Health Information (PHI) of a patient is the “patients name, address, contact number and the information related to the medical record.”4 Similarly, the security regulations under HIPAA promise that patients have the right to know how their individually identifiable health information is stored and used, that technologies like encryption are used while processing and transmitting such data, that patients are given the “cryptographic keys” to such personal data, and that “data integrity” is strictly maintained.5 The health system security architecture given below offers a general view of how this is maintained in many health information processing systems:
Figure.1: Health information security system architecture.6
As shown in the above figure, the corporate networks, databases and the Internet together handle the individually identifiable health data of each and every patient. As each of these interfaces is a potential point of data skimming and eavesdropping, the technology needs to be made foolproof and the process kept continually updated.
History
The whole discourse regarding privacy in the health care sector started when the industry shifted to storing all patient data and transactions electronically so as to attain a considerable reduction in expenditure.7 There have been a number of incidents in which computers that stored health data were either “stolen or misplaced.”8
The privacy rule has strict provisions to regulate how “personally identifiable health information” is used, and to whom it is disclosed, in the process of health data transactions as well as research.9 The HIPAA rules have made it mandatory that “individually identifiable health information” is disclosed only in the “context of treatment.”10 Also, the rules ensure that patients have full access to their medical records except in some very rare situations.11 For the rules, the Office of Civil Rights is the enforcement agency.12
Impact on Technology
The major technologies that have emerged in the health care sector are “Electronic Patient Records (EPR) and the use of sensor networks for remote patient monitoring.”13 The need for storing and processing individually identifiable health data has resulted in the development of the Integrated Digital Hospital (IDH) by Intel.14 This is a technology that helps to provide better health care services through “linking people, processes, and technologies.”15 It is a combination of “mobile point-of-care (MPOC) and other information technology.”16 Yet another technology development project is the Information Technology for Assisted Living at Home (ITALH).17 This ongoing project is being carried out at University of California with the objective of enabling the monitoring of patients at home using “sensor networks” that incorporate, in particular, “wearable sensors”.18 Another wearable sensor model, being developed by Kansas State University, is described as “Wide Area Body Networks (WABN) Infrastructure.”19 These are envisaged to be used for monitoring patients at home.20 All these new uses of information technology have been highly useful in improving patient care and the handling of patient data, but they have also given rise to a new set of privacy and security concerns.21 One recent development in the medical field has been the availability of genomic data and their entry into medical records.22 But it has already been pointed out that the existing privacy protection technologies are insufficient to ensure the desired level of privacy under the HIPAA rules.23 This applies to other categories of health data as well.
The impact of the HIPAA privacy rules on technology is manifold. One development has been that a demand for “privacy-enhancing techniques” has been raised from various circles.24 When any technology is used for storing and processing health data, it becomes mandatory that “data security standards” are formulated and adhered to.25 For example, a need arose for all the computers and all the crucial data inside them to have some kind of “encryption”.26 Encrypting data at both “hardware” and “software” levels can ensure that there is no “eavesdropping and skimming” of data.27 TinySec is one such encryption technology that has been used by “many medical sensor systems.”28 Another technological improvement brought about by the need for privacy and security of individually identifiable health data is “authentication algorithms developed such as passwords, digital signatures, and challenge-response authentication protocol.”29
A hybrid public key infrastructure (HPKI) solution has been proposed by Jiankun Hu, Hsiao-Hwa Chen and Ting-Wei Hou (2010) to technologically implement the privacy and security regulations under HIPAA.30 This is yet another technological evolution that has come about as a response to the privacy needs of the health sector. The system includes a registration mechanism by which a smart card is issued to the patient, “which contains the patients private-public key pair and other basic data.”31 It is also suggested that, for greater privacy and security, “a biometric authentication system” can be incorporated into this smart card.32 In the same manner, the medical personnel who handle this data are also given a key pair through a similar process of registration.33 Better methodologies have been proposed for the future in this regard, including the separation of textual data and image data within a given Personal Health Information data set.34
The use of cloud computing for data storage and transmission has also raised new challenges regarding privacy and security. As cloud computing is a shared data storage mechanism, and because the data is stored on a server in a remote location, the danger of breaches is high.35 System designers, in this context, have been asked to keep in mind the following “privacy practices”: keep as little personal information as possible in the cloud, ensure maximum security for whatever personal information is stored in the cloud, give the user maximum control, make the system flexible enough for the user to have choices, set specific parameters for data use, and provide for feedback.36 Privacy Enhancing Technologies (PETs) have also been in use to enhance security in cloud computing.37 But it has been acknowledged that “more fluid design specifications” are needed to address the issue in totality.
Conclusion
The HIPAA privacy and security rules have proved a catalyst for a whole series of technological improvements in data storage, processing and transmission. When, in the future, more crucial health data related to areas like genome identification and stem cell technologies emerge, the need to make those technologies foolproof will be even greater. The impact of the HIPAA privacy and security rules on technology will continue to endure.
Glossary of Terms
HIPAA: The Health Insurance Portability and Accountability Act – legislation enacted in 1996 by the US Congress to protect the health insurance coverage of workers when they shift jobs from one firm to another. The act also has provisions that ensure the privacy and security of personally identifiable health data.
EPR: Electronic Patient Record – patient data stored in digital form and managed through electronic systems and networks.
PHI: Protected Health Information – data of patients that is personally identifiable.
IDH: Integrated Digital Hospital – interoperable, standards-based digital technology that provides a complete solution to health data processing needs.
MPOC: Mobile Point-of-Care – integrated computing system that makes information immediately available at the point of care.
ITALH: Information Technology for Assisted Living at Home – computing network for monitoring patients at home.
WABN: Wide Area Body Networks – computing systems connected to wearable devices for monitoring patients in mobility.
HPKI: Hybrid Public Key Infrastructure – network system that ensures maximum security in storing and processing personal data.
PET: Privacy Enhancing Technology – tools, applications and mechanisms that can be built into online networks to ensure privacy and security.
Appendix 1
Bibliography
Annas, George J., “HIPAA Regulations: A New Era of Medical-Record Privacy?”, The New England Journal of Medicine, 348.15. (2003): 1487.
“Health Information Privacy”, US Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/
Hu, Jiankun, Hsiao-Hwa Chen and Ting-Wei Hou, “A Hybrid Public Key Infrastructure Solution (HPKI) for HIPAA Privacy/Security Regulations”, Computer Standards & Interfaces, 32. (2010): 274-280.
Malin, Bradley A., “An Evaluation of the Current State of Genomic Data Privacy Protection Technology and a Road Map for the Future”, Journal of American Medical Information Association, 12. (2005): 28-34.
Meingast, Marci, Tanya Roosta and Shankar Sastri, “Security and Privacy Issues With Health Care Information Technology”, (paper presented at the 28th Annual International Conference of the IEEE, New York, 30 August 2006- 3 September 2006).
Nass, Sharyll J., Laura A. Levitt and Lawrence Ogalthorpe Gostin, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, (Washington D.C.: National Academies Press, 2009), 56.
Pearson, Siani, “Taking Account of Privacy When Designing Cloud Computing Services”, (paper presented at the ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, 23 May, 2009).
Rockel, Kathy, Stedman's Guide to the HIPAA Privacy Rule, (Philadelphia: Lippincott Williams & Wilkins, 2005), 3.
Appendix 2
Web Site Resource Summary – URL, Site name, content summary, company or org.
1. US Department of Health and Human Services website http://www.hhs.gov/ocr/privacy/