The Importance of Privacy and Compliance - Coursework Example

Importance of Privacy and Compliance Medical Information There are several laws that affect the way employers, insurance firms, and respective healthcare units handle medical information. These laws limit healthcare official from sharing medical information with other parties without seeking the consent of the patient or the owner of such information. Medical officials are likely to face ethical dilemmas and possible prosecution if the treatment of the patient’s medical records amount to breaches of privacy rights. The care of medical data is solely under the medical professionals and the respective hospitals. To access medical data, the institution or the individual seeking this information liaise with the owner. In essence, statues on treatment of medical information tends limit the hospital and any other party from accessing such information. The Health Insurance Portability and Accountability Act (HIPPA) provide a guideline on how to handle health information of clients. Organizations have records concerning health of their clients. The provisions of this Act enable employees to correct health information deposited in the company. Moreover, it protects the privacy of the employees. In case, the company gives incorrect health information about their employee, the victim may sue the company on grounds of breach of privacy. Another law that affects handling of private information is Gramm-Leacg-Bliley Act (GLBA). This legislation dictates that the company should give its clients notice about privacy. In case the company changes the rules of handling client’s information it should provide notice of the same. The mechanism stabled for protecting client and the business is adequate in limiting privacy breaches. Handling Privacy Information by Third Party Administrator Treatment given to employee private information significantly affects the company. In case, the company has outsourced a third party administrator to run the self-insured portion plan, the contractor can obtain private information of the employees including health. Nevertheless, depending on the kind of agreement between third party administrator and the contractor, the third party (TPA) might give or conceal information on employee’s health. TPA is only liable to violation of employee’s privacy when it performs the full function of the managing the private health insurance and health information of the employee. However, when contracting company has limited the TPA’s duty paper work only, the court would hold the employer liable for privacy breaches on employees’ health data. In the case of Arango v. Work & Well, the plaintiff sued the TPA for violating his health information rights under HIPPA (Clack 187). The TPA granted the petitioner four weeks leave without considering the request of the employee with respect to his health data. The jury noted that the TPA ought to have considered the health condition of the employee as he has provided for in the health data under HIPPA. Further, the TPA should consider health data of the employee before granting medical leave because the data would affect the period of health leave. If the TPA ignores this condition, the victim can sue the TPA under HIPPA. However, when TPA does paperwork alone then the employer would be liable. The TPA plan would require the employees of the company that has outsourced the insurance service to provide personal data. The employees will sign the Service of Process Consent and Agreement form. The form contains the details of the employee, the nature of transactions that the insurance company would do to the employee. The TPA law defines the nature of relationship between TPA and the company contracting its services as well as a relationship between it and the clients it would covering. The law defining the relationship between TPA and the contracting company tend to limit the extent to which TPA can provide can share the client’s information as well as other activities that TPA can do on behalf of the company that has sought its services. First, the law allows TPA and to adjust the records of the employees as a greed between it and the employer. Adjustment of this records is instrumental in defining the nature of cover that the insured would be able to claim incase the insured has received medical treatment. Information that Employee Should Obtain From TPA Issues often arise over the extent to which the TPA is capable of covering the health bills of the patient. Thus, medical records of the employee covered by the TPA should reflect the same information as that intended by the employer. In case the records held by the employee is not same with the one held by the TPA, then the court might rule in favor of the employee. However, the law limits TPA from covering medical bills beyond its contract. In Pacific Shores Hospital v. United Behavioral Health, the employee of Pacific Shores sued the TPA for not meeting her medical bill. The court noted that the medical records of the employee and those held by TPA provided limited coverage of the medical expense. Thus, the case fell in favor of the TPA. The law tends to insist that the patient should have adequate information about the amount of cover given to him or her by the deal between the TPA and his or employer. When TPA corrects and adjust records on how to treat the insured, it should proceed to inform the insured about such developments. The law gives the employees the right to know the nature of insurance cover that their company has applied. Another aspect of association between third party and the insured is how to handle the medical records. As provided in Health Insurance Portability and Accountability Act (HIPPA) unauthorized persons should not handle the medical records of the employees. Nevertheless, the TPA often gathers information about the patient from respective hospitals. The guideline for seeking such records demands that TPA should inform the owner of such information. Further, TPA should seek the consent of the owner of such records in written documents. The law dictates that the TPA records should exactly reflect the medical needs covered under deal of its contract. Breaching such agreement might attract legal battles as in the case of Arango v. Work & Well. TPA can abuse its discretion under one or all the following circumstances. First, if it makes decisions concerning medical health records without explaining such moves to the insured. During the Pacific Shores Hospital v. United Behavioral Health, the court emphasized the need of TPA to uphold this rule. Second, TPA is liable for abuse of its discretion if it constructed the cover plan in a language that the client is not capable of understanding. Lastly, TPA must use necessary facts to develop and make its determination about cover plan. Failure to meet requirements amounts to infringement of the employees rights. The employer should write to the TPA as well as the employee concerning the health status. The official communication among the three parties absolves the parties from facing legal feuds. Forms The employee should sign a number forms with the TPA. These forms are C-8.1 (2-13) – this form gives a notice of treatment issue. Employee sign and file form C-3 form and C-3.3 form incase he or she has suffered an accident in the workplace. The employee, TPA, and health unit signs this form. C-8.4 (1/11) – the employee would sign this form alongside his employer and the TPA if TPA rejects to meet the medical bill because of objection. Employee would sign form C-32 (11/09) incase he or she is among the mentioned parties after the settlement of claim. In case an employee has suffered injury, TPA would ask him or her to sign form C-430S (1/11). In seeking medication, the employee should give notice of arrangement for diagnostic test and examination by signing form DT-1 (3/12) for the institution that would provide the services. The forms seem to serve specific concerns of the employee ranging from filing claims to contesting the decision made by the TPA over the compensation. TPA Sharing Information with Employer The Personal Health Information Protect Act (PHIPA) limits the third party from sharing information of the patient or policyholder with employer or any other person. If the TPA share health information with employer without written consent of the policy holder then can sue the TPA for breach of PHIPA. Similarly, doctors or healthcare facilities cannot disclose the private information of the employee to the employer without consulting the owner of this information (Herold 87). If the company has learned of the employees highly infectious disease from TPA it follows that the company breached the PHIPA. In this case, the employer cannot use the information it has sourced from the TPA to terminate the job of the infected person. The employee may sue both employer and TPA over their conduct in handling private information. The victim may file a petition under PHIPA in which he or she mentions the TPA and employer for violating his or her privacy. Further, he or she may sue the employer for terminating his job using stolen information. Summary and Recommendation Breaches of privacy would lead to lose of clients, decline in brand preferences, attract legal feud, lose of time in building company name, and the company may incur considerable cost in repairing the damages created to the respective victim. This report suggests or recommends that the company should seek the employee’s consent when it wishes to share employees’ private information. Secondly, it should follow the guidelines for privacy when handling clients. Third Party Administrators should not withhold any information that affects the nature of cover it will offer to the insured. Complying with the demand of these guidelines would absolve the involved parties from facing legal tussles. Lastly, employee should seek information from TPA concerning the value of cover it will offer in case of illness or injury. Work Cited Clack, S. David. Comparative Law and Society. New York: Edward Elgar Publishing. 2012. Herold, Rebecca. Managing an Information Security and Privacy Awareness and Training Program, Second Edition. New York: CRC Press. 2010. -------Workers Compensation Forms for Insurance Carriers, Self-Insured Employers and Third Party Administrators. Web 30 October 2014. Read More