HIPAA: Privacy and Security Concerns

By CIOReview | Thursday, October 25, 2018

HIPAA is United States legislation that provides security and data privacy provisions for safeguarding patients’ health information. It has gained greater prominence with the proliferation of health data breaches caused by cyber attacks. HIPAA health insurance reform protects health insurance coverage for people who lose or change jobs. It also forbids health plans from denying coverage to individuals with particular diseases and pre-existing conditions. Since HIPAA was implemented, data has been shared in a more robust manner through complex health information exchanges and accountable care structures. HIPAA allows sharing through organized health care arrangements (OHCAs).

Security standards have been raised because of the growth in the exchange of health information between covered and non-covered entities, in order to guarantee the availability, confidentiality, and integrity of e-PHI (electronic protected health information). The HIPAA Privacy Rule can be waived during a natural disaster.

The HIPAA Privacy Rule regulates the use and disclosure of PHI by covered entities, which include health care clearinghouses, health insurers, employer-sponsored health plans, and medical providers. These are disclosed upon request within 30 days. When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information. The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI to ensure the confidentiality of communications. It also requires keeping track of disclosures and documenting privacy policies. Under the HIPAA Privacy Rule, falling victim to a healthcare data breach could result in a fine.

The principal goal behind the creation of HIPAA is to improve health care system efficiency by standardizing health care transactions. For better implementation, HIPAA added a new Part C titled “Administrative Simplification”, which simplifies healthcare transactions. A HIPAA covered entity (hospitals, doctors’ offices, and health insurance providers) is an organization that handles PHI.

HIPAA is a potential minefield of violations that almost any medical professional can commit. The main reason is a lack of education, which can easily lead people to violate rules during the normal course of their work. Most violations are momentary lapses that may result in costly mistakes. HIPAA training and education are crucial for maintaining systems and minimizing errors.