Effect of Titles and Subtitles of HIPAA on the IT Organization - Essay Example

Effect of s and Sub s of HIPAA on the IT Organization By of Table of Contents Introduction 3 About HIPAA 3 The use and access 4 The rules 4 Costs 5 Medical research 5 Different ways of implementing HIPAA 6 Type 6 Importance 6 Considerations 6 IT requirements for HIPAA 7 Access Control / Authorization 7 Audit controls 8 Authentication Data 8 Entity Authentication 8 Conclusion 9 References 10 Effect of Titles and Subtitles of HIPAA on the IT Organization Introduction The Health Information Portability and Accountability Act (HIPAA) were passed in 1996. The goal of HIPAA is to protect patients against having personal medical information is passed to third parties without their knowledge. HIPAA requires that patients be informed of their rights and they have a waiver that their health care facility authorizes to sign to share their information. As a result of HIPAA regulations, a series of transaction codes were created, so that the information that is shared can be tracked and categorized (Wiener & Gilliland, 2011). This is to ensure that only the necessary information, together with that, upon request is passed on. The process of utilization of health of patient is described by HIPPA in detailed. It is important for the medical institutions to make certain that the privacy of the person much be kept confidential. This form of step mostly complete by modifying how much PHI (protected health information is utilized. Basically Protected Health information is referred as the demographics, diagnoses and different treatments of the patient. On the other hand, the complete form of details and information can only be communicate with the staff directly in the patient care, relevant entities and other insurance organizations (Wiener & Gilliland, 2011).  About HIPAA On 14th April 2003, the HIPPA law came into force. The aim of this law is to save the privacy of the information related to the health of the patient by forming the minimum federal standards of how the health care providers may disclose this form of details (Thompson et al., 2011). Whereas the privacy of patient is sheltered from other form of parties, numerous health related professionals have criticized that barriers to access to information imposed by HIPAA potential risk can put the superiority and appropriateness and suitability of patient care. There are many intrinsic negative effects as HIPAA and other builds due to their susceptibility to misunderstanding (Thompson et al., 2011). The use and access The right to obtain record of copies of medical records is given to the patients by HIPAA so patient can recognize faults and appeal different form of corrections. On the other hand, the medical information of patients is also protected by HIPAA, and make certain that the medical information of one patient is not utilized by any other patient, other parties like marketing companies, other insurance companies and for the purpose of financial purposes. Moreover, refined from of technologies are also taken part in the HIPAA implementation and also offer an in-depth review for authentication and identification of individuals who have modified details at diverse stages of access log, which enhance transparency and as well as accountability (McGraw, 2012). The rules Due to the complexity in the management of health information, sometimes the HIPAA rules are difficult to apply, making information management professional health interpret the rules themselves. This has led to erroneous and incorrect applications that appear to have caused delays in treatments of healthcare interpretations (US Department of Health and Human Services, 2013). Costs For the patients the direct form of cost is negligible, the institutions of health may also charge the patient only postage and copying cost for documents delivery. Alternatively, health care providers cost are also high and may also compress the over budgets. Few of the hospitals and clinics have had to remodel and rebuild present areas to fulfill with seclusion regulations of registration HIPAA (US Department of Health and Human Services, 2013). Medical research The different form of researches of Association of Academic Health Centers identify that the regulation of HIPAA force different barriers to investigation in humans through the prohibition of the distribution of data within the scope of the investigation. These barriers include delaying changes to the IRB, the difficulty of obtaining data identified DE and having to work at multiple study sites. The Society of Epidemiology held in the web a survey of more than 4,000 people and found that 67.8 percent felt that HIPAA has made life easier at a level four research in a five-point scale, where five great amount of additional costs and time (Thomas, 2014). However, one can argue that the respondents to the surveys conducted by professional organizations are more likely to have had negative experiences than those who did not respond (McGraw, 2012). Different ways of implementing HIPAA The Law on Insurance Portability and Accountability (HIPAA) of 1996 established the rules for processing information private health care of individuals. There are specific ways that HIPAA is implemented in a medical environment (Thomas, 2014). Type Organizations health care must have written policies and procedures that are consistent with HIPAA regulations. They must also have a specific person assigned to ensure that the protected information is kept private and secure. This person is responsible for training other employees regarding the guidelines established by HIPAA, ensuring that all standards are met, and disciplining employees who fail to comply with HIPAA (Wiener & Gilliland, 2011). Importance By requiring an organization to establish written policies and procedures and appointing a specific individual responsible for ensuring compliance, organizations are accountable. Provide specification for the implementation of HIPAA also makes it easier and faster for the organization to become compliant with privacy regulations and security (Thompson et al., 2011). Considerations Organizations can be designated as “hybrid entities” if only a selected number of functions of the organization meet the requirements for a covered entity under HIPAA. These organizations must designate in writing which components are health care related and therefore must comply with HIPAA regulations, otherwise the entire organization must meet (McGraw, 2012). IT requirements for HIPAA Other than mentioning the certain form of information related to compliance technologies, the HIPPA act of the year 1996 offers proper form of guidelines for the organizations of health care sector in order to protect the health information of the patients electronically from mistreatment. These forms of guidelines are based on the control of the information in the electronic system, establishment of the audit control system, authentication of the transferred data by the organization (US Department of Health and Human Services, 2013). Access Control / Authorization Each organization should develop and implement procedures to allow access technologies among its workforce to computer systems of care organization. The regulation requires documented procedures based on role or access the employee’s position. Some of the network components in organizations of the health care sectors can utilize in order to control the access between different office include systems of intranet, which are basically private networks of computer, software or hardware that offers a detailed firewall in order to obstruct not permitted access of the information (Thomas, 2014). Audit controls In health care organizations, the officers of security can implement different form of technologies in order to form the trails of audit or logs that are able to record each attempt to access to information. Organizations of healthcare sector can utilize policies combination, network management software, and hardware in order to respond and record to unprotected access of information (Thompson et al., 2011). Authentication Data Some of the organizations in the healthcare sector may also make a decision to relate encryption technologies in order to make certain the transmitted data security between business partners and organizations. Encryption of data makes it illegible to everyone other than a receiver with a key to decrypt the message of data. Additionally in order to communicate with the partners of business, the organizations of healthcare sector can execute encryption to transform information and outcomes of clinical laboratory or to share with the individual patients. On the other hand, organization may also consider the execution of snit-virus software and digital signature technology to validate the information and also to save the systems from the adverse hackers (US Department of Health and Human Services, 2013). Entity Authentication The security of HIPAA requires organizations of health sector to offer staff with “unique user identifier” for computer system access, and execute the features of automatic disconnect workstations. On the other hand, regulation also suggests different technologies related to user authentication ranging from personal data and passwords for deification on biometric system like smart card, fingerprint and iris scan in order to substantiate authorized users to access information saved in computer system or physical space terminals (McGraw, 2012). Conclusion Numerous companies provide start overall protection of the health insurance with the first day on the career because it really is essential to provide new staff a packet benefits as before long as feasible. During the new-hire orientation, the company’s benefits administrator will make a presentation on the health and fitness care options available to employees. She is also current on any concerns new employees have to overcome certain costs, additional coverage for family members and pre-existing conditions. Discussions about individual professional medical information must be really generally performed in non-public, under the General Health Insurance Plan Portability and Accountability Act (HIPAA). HIPAA recommendations have strict confidentiality when talking about health and fitness insurance and other professional medical information with employees. References McGraw, D. (2012). Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data. Journal of the American Medical Informatics Association, amiajnl-2012. Thomas, L. W. (2014). How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations (No. TCRP Project J-5). Thompson, L. A., Black, E., Duff, W. P., Black, N. P., Saliba, H., & Dawson, K. (2011). Protected health information on social networking sites: ethical and legal considerations. Journal of medical Internet research, 13(1). US Department of Health and Human Services. (2013). The Health Insurance Portability and Accountability Act of 1996: health information privacy. US Department of Health and Human Services website. Wiener, J. A., & Gilliland, A. T. (2011). Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections. Journal of the Medical Library Association: JMLA, 99(1), 15. Read More