The HIPAA Law and Nursing/Society - Term Paper Example

? The HIPAA Law and Nursing/Society Interdisciplinary Perspectives in Health Law Your Introduction The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress and signed into law by President Clinton in 1996. The main element of the Act is that it is a law which guarantees and protects health insurance for workers and their families in cases where they lose their jobs. The Act led to the creation of national standards for electronic health care and the linkage of health care to the identity of individuals, health insurance companies and employers. Privacy is a major element of the Act and it provides a digitalization and computerization of the administration of health insurance for workers in the United States. Obviously, the Act, like many healthcare acts in the United States have implications for legal practitioners and medical professionals. It creates rights and obligations for these professionals. This paper critiques the application of the law and its impact on nurses and lawyers in their work. In attaining this end, the paper will involve an analysis of the history of the act, its legal elements and implications for nurses and the society. History of the HIPAA Regulations As a background to the Act, it must be noted that there was a series of uncoordinated Acts that covered healthcare and health information of patients. These laws were somewhat remote and they did not create direct obligations on practitioners in the health sector. In other words, people whose information was abused in the health sector could raise civil cases. However, there were no direct laws that criminalized the abuse of privileged information in the health sector. Thus, there was a general need for the creation of a single unified law that dealt with the issue. The HIPAA regulations came to force in 1996 after a number of concerns were raised in relation to confidentiality rules and principles. At the heart of the factors that forced the creation of the HIPAA law is the landmark case of Jaffee V Redmond (1996). In the case, Jaffee was a police officer who shot a person on the grounds that the individual was wielding a deadly weapon and was chasing another person. Hence, she saw it necessary to shoot the victim in order to prevent him from causing serious injury to the pursued. However, information put forward by witnesses suggested otherwise. They claimed that there was actually no danger to the pursued and thus, the actions of Jaffee was unwarranted. Redmond sought to find out the root cause of the shooting and hence, demanded for the medical and counseling records of Jaffee to prove to the courts that Jaffee had some issues and was not competent to carry out her tasks as a police officer. The issue of the admissibility of the evidence of Jaffee's records led to a series of appeals (Meyer and Weaver, 2006). Eventually, the case was presented to the Supreme Court who had to rule on whether a person's medical records could be disclosed for court cases or it was to be held in confidence and hence was inadmissible. There were 7 votes against the admissibility of medical records and 2 for the admissibility of such evidence (Meyer and Weaver, 2006). The bottomline of the Jaffee V Redmond case was that medical records were to be held in confidence and should not be disclosed to a third party without the proper procedures. Hence, there was the need for the streamlining of the principle of confidentiality of medical records. This led to the impetus for the passing of the HIPAA Law in the same year. In order to critique the concept of privacy indicates that it has deep roots in the laws of the United States and all modern and “civilized” nations. “Invasion of privacy is the unwarranted appropriation or exploitation of one's personality, publicizing one's private affairs with which the public has no legitimate concern, or wrongful intrusion into one's private activities, in such a manner as to cause mental suffering or humiliation to a person of ordinary sensibilities” (Hillyer, 2009, p245). The invasion of privacy is about the unauthorized use of another person's information for purposes other than what was agreed upon. It could encompass so many ideas like the use of other people's information for one's benefits or to humiliate the individual. In the broad sense, if information of an individual is used for a purpose other than what has been expressly agreed upon, or in the best interest of the individual in the circumstances at hand, it could be considered to be an invasion of the individual's privacy. In the narrower sense, it might relate to the use of another person's information in a manner that provides some kind of advantage or recklessness on the part of a person who is privileged to the information. This could include handing over the information to a third party or abusing it. Hillyer (2007) goes on to state that the right to privacy has been held sacred in the US constitution since the 1800s. This is part of the right to personal autonomy in the 14th Amendment of the US Constitution. Thus, the protection of this individual right has been enhanced by various laws and statutes that are subordinate to the main rule. This include the Financial Privacy Act 1978 and the Financial Services Modernization Act 1999 which were meant to safeguard the information of individuals in financial services and financial intermediaries. Similar rules that protected the privacy of people's information included the Internal Revenue Code 1986 and the Employment Retirement Income Security Act (1974) (Mamorsky, 2001). These laws were to improve the portability and continuity of information that were meant to amongst other things, promote healthcare and health insurance amongst workers and similar persons in the United States. Hence, the elements of the Jaffee case created the urgent need for some kind of legislation to be created to protect information of patients in the medical sector. This is because medical information is sensitive and could be abused on so many pedestals. Thus, it became propitious for the new law to be enacted and practiced. Components & Scope of the HIPAA Regulations The Health Insurance Portability and Accountability Act (HIPAA) together with the HIPAA regulations was the first comprehensive federal scheme for the protection of health information (Raoch, 2006 p16). This implies that it contained important laws that was critical and important in protecting and enforcing privacy rules that safeguarded information. The law has five titles, which include: 1. Health Care Access and Reliability. 2. Preventing Fraud and Abuse and Administrative Simplification. 3. Tax Related Provisions 4. Application and Enforcement of Group Health Plan Requirements 5. Revenue Offsets Thus, the law protects and enhances the rights of consumers in the health sector by providing them with health information and controlling inappropriate use of health information of people who use health care facilities (Roach, 2006 p115). This provides some degree of obligations to nurses and other practitioners in the health sector. This is because these professionals are liable under law for the abuse and misuse of such information. The Law provides some criminal obligations which forces the crime authorities like the police to act to prosecute persons accused of such abuses. The second element of the law is that it helps to improve the quality of care by restoring “trust” in the system amongst consumers, providers and other stakeholders (Roach, 2006). This implies that the system is meant to get all people who handle medical information to do so in good faith. This provides some degree of assurance to all those who use such health facilities. In cases and events where this trust is broken, it is possible for persons to report it for action to be taken by the police and/or other law enforcement agencies. Finally, it is meant to improve the effectiveness and efficiency of the healthcare delivery system (Roach, 2006). This implies that the law seeks to link different information like tax information, revenue offsets and other elements in an administrative system that has been simplified through a system prescribed by the law. This is meant to eliminate all sorts of suspicions and bottlenecks that could make the health information system to operate in a manner that is less productive. In terms of the “scope” of the HIPAA regulations, it can be said that the law defines “covered entities” which are those entities that meet the definition of healthcare providers (Hillyer, 2007). This is the primary category and it inherently includes all the facilities like hospitals, clinics and other entities that provide health related services. Inherently, this binds all the member who get access to privileged information like nurses and other medical professionals. The scope of the law over professionals in the healthcare industry is so broad that it encompasses professionals who discharge their services outside a traditional health facility like home-carers like nurses who care for old people in their homes as well as school nurses (Bergren, 2004). The second component of persons or individuals who are affected by the HIPAA regulations is the people who transmit health information or control such information (Hillyer, 2007). This implies that the law affects people like IT professionals who play various roles in processing and storing privileged information relating to the health details of persons around the United States. These persons have the obligation to observe all the privacy and confidentiality rules and avoid the abuse of such information. Implications of HIPAA to Nursing and the Legal Professions The primary implication of the law is that it criminalizes the abuse of patients' personal information and data. This means that where information about individuals is used wrongly by a nurse, that nurse can be held liable for it criminally. Thus, in contrast with the civil proceedings where an individual can choose to take action or not, the criminalization of abuse of information creates some complications. First of all, anyone who reports any abuse of information to the appropriate authorities will cause the authorities to commence investigations by default. In other words, the police or relevant authority will have to begin investigations as a matter of law, not a matter of choice. Also, it does not really matter who raises the issues. Anyone in the country can literally raise criminal charges against a nurse or health professional who abuses patients' personal information and records. Cases will be stated as the United States versus the Health Practitioner, and not as the Affected Individual versus the Health Practitioner in question. This means that healthcare has come under an obligation and strong demand to comply with the relevant statutes relating to the proper use and coordination of information relating to people and other relevant matters. It can therefore be said that the HIPAA provides a strong requirement for nurses to respect the privacy of patients Another remarkable element of the HIPAA law is that it covers Electronic Medical Records (EMR) (Heller and Veach, 2008 p39). Also, the scope includes personal health records and it means that the proliferation of such records must be done in a way and manner that respects the important elements and aspects of the patients' privacy. This raises three main issues that are relevant to the nursing profession. First of all, information must be used only where necessary. In other words, information must be used in a way and manner that is relevant to the problem at hand. Therefore, it is wise for a health facility to employ a lawyer that they can consult in relation to the scope of information that they need to collect from their patients. It is important for the minimum information necessary to deal with the problem to be collected. This is because the more extraneous information that is collected, the greater the risk that the organization will create a situation where information can be potentially abused. The second aspect is the careful usage of financial information. The Act indicates that the Social Security Numbers and other personal information of a patient will be at the disposal of the healthcare institutions. Hence, there is the need for the institutions to find an appropriate means of storing the information and recording them. This will mean that they will have to ensure that reasonable steps are taken within the law. This will require the collection of relevant information from a lawyer whose advice might be indispensable in the attainment of this end. Also, there is the need for legal records to be taken where issues of potential problems are being handled. For instance, the collection of information or dissemination of information about a patient in public interest might need to be recorded in a way and manner that will not implicate the firm legally. This will mean that the health care facility will have to seek legal advice before such documentation or disclosures are carried out. And they must be documented properly and kept appropriately. Heller and Veach go on to state that there are four main things that a healthcare facility must design in consultation with an adequately qualified IT company and lawyer in order to create a system within which nurses and other professionals can operate (2008). This include: 1. Acquisition and installation of appropriate software. 2. Training of staff members. 3. Provision of backup for downtimes. 4. Authorization of activities. Thus, a nurse in a facility will need to attain adequate training of how the software and systems work and also get knowledge of what to do in times where the system is down. Also, a nurse must work within the protocols and limits set by the automated system. Exceeding that can potentially lead to issues and problems for the nurse. The core element of the HIPAA regulations that a nurse needs to be very sensitive to is the fact that it promotes patient autonomy and it is designed to increase patients' control over health related information (Rice, 2008). This is because patients' permissions are needed in cases where disclosure is necessary or desired. The intervening points of the HIPAA in the practice and operations of a nurse include three main areas (Wilson, 2004). These three areas must be handled with caution by the nurse and other members of a healthcare facility which include: 1. Transaction rules: The nurse must be sensitive to all transaction rules that will be instituted by the healthcare facility 2. Privacy rules: There will be the need for the autonomy of patients to be respected. 3. Security rules: This include the rules and regulations relating to security in the company and this must be obeyed appropriately. HIPAA's Operations and the Wider Society HIPAA rules inevitably creates the framework for the disclosure of patients' information. It defines the scope of collecting and storing information to avoid infringement (Bolcic-Jankovic, 2007). Hence, there is a natural scope within which people must disclose their information. It also enhances the interconnectedness of tax, salaries and work in order to ensure that they all work together to provide the best results. In cases where a healthcare facility exceeds its grounds, any individual in the society can report the case and demand further investigations to the matter. This also laid the foundation for the creation of a coordinated healthcare system which is now part of the health insurance system which has far reaching consequences for health in the United States. However, the HIPAA regulations have some limitations in both practice and principle. Schneider (2006) states that the rules of the HIPAA law are just too technical and they create complex, unclear and confusing principles which are problematic in practice. It creates too many obligations that adds up to the administrative costs of health care facilities and work requirements of nurses and other health professionals. Also, Fefferman et al (2005) argue that it stands in the way of critical research into health matter, as information is not easily disclosed. Due to this, information cannot be collected easily for research and it leads to issues. In another study by Bolcic-Jankovic et al (2007), it was found that disclosure is possible for research purposes but the permission required is disproportionally high. The implication of the limitations that the HIPAA imposes on research and studies implies that it could be limited on the grounds of public interest. However, it is best and most advisable to do so after taking instructions from a qualified lawyer who knows the implication of such limitations. Conclusion HIPAA is a law that is meant to safeguard patience autonomy and privacy in the health sector. It binds healthcare facilities and staff and professionals in the healthcare industry including nurses. HIPAA creates legal obligations for healthcare professionals like nurses to be careful not to abuse or misuse information pertaining to individual patients. Failure to adhere to this requirement leads to criminal charges which could be initiated by any member of the society, not necessarily those affected by the breach. Nurses and facilities must only collect information necessary to attain their results. They should also be careful with how they store their information. Where there is the need to break elements of the law, the healthcare facility must seek legal advice on how to proceed. Nurses need to be sensitive to the relevant transaction rules, privacy rules and security rules when carrying out their activities. This will prevent the possible lawsuits that could affect them adversely. The HIPAA has been criticized for being to technical. It is also said to be against research and the study of medical matters for the improvement of the sector. The act also makes it imperative for facilities to seek legal advice in periods where there is the need to limit some rights to confidentiality. This implies that lawyers have a stronger role in medical facilities now than they used to in the past. References Abood, R. (2010) Pharmacy Practice and the Law New York: Jones and Bartlett Learning Bergen, M. D. (2004) “HIPAA-FERPA Revisited” Journal of School Nursing 20(2) pp101 – 112 Bolcic-Jankovic, D., Clarridge, B. R., Fowler, F. J. and Weissman, J. S. (2007) “Do Characteristics of HIPAA Consent Forms Affect Research” Medical Care Vol 45 (1) pp100 – 103 Fefferman, N. A., O'Neil, E. A. and Naumova, E. (2005) “Confidentiality and Confidence: Is Data Aggregation a Means to Achieve Both” Journal of Public Health Policy 26 pp430 – 449 Heller, M. E. and Veach, L. (2008) Clinical Medical Assisting: A Professional, Approach Mason, OH: Cengage Hillyer, C. D. (2007) Blood Banking and Transfusion Medicine: Basic Principles and Practice Boston, MA: Elsevier Health Sciences Mamorsky, J. D. (2001) Health Care Benefits Law New York: LawCatlog Meyer, R. G. and Weaver, C. M. (2006) Law and Mental Health: A Case Based Approach New York: Guilford Press. Rice, M. J. (2008) “HIPAA's Impact on Study Validity” Journal of the American Psychiatric Nurses Association Vol 14 (3) pp225 – 230 Roach, W. H. (2006) Medical Records and the Law New York: Jones and Bartlett Learning Schneider, C. E. (2006) “At Law: HIPPA-Cracy” The Hasting Center Report Vol 36 (1) pp10 – 11 Wilson, F. P. (2004) “HIPAA: The Big Picture for Home Care and Hospice” Home Health Care Management 16 (2) pp127 – 137 Read More