Administrative ethics: the Health Insurance Portability and Accountability Act
HIPAA the Health Insurance Portability and Accountability Act, which was passed in 1996, was designed to provide federal government protection personally identifiable information, which is held by any of the organizations covered by the Act. Furthermore, the Act gives patients numerous rights in respect to their personal health information. Additionally, the Act is designed in such a way to allow the disclosure of personal information for such important purposes as patient care. However, the administration of the Act has posed a significant challenge to the healthcare providers. A majority of the healthcare providers has applied the Act overzealously; this has foiled any attempts by family members, caregivers, public health officials, and law enforcement agencies to access such information. This has had an adverse effect on all the involved parties. It arises because healthcare providers do not time to understand and train their staff on the legislation. Thus, extensive training on the act is required to eliminate HIPAA administrative challenges.
There is a misconceived notion among the healthcare providers that access to personal health information is prohibited under HIPAA. The confrontation between Mr. Nussbaum and the two nurses proves the misunderstanding of the HIPAA regulations in the medical profession (Gross, 2007). The majority of the healthcare professionals does not understand the law and apply the regulations with fear for fines and jail terms. This occurs despite the fact that minimal prosecutions have occurred since HIPAA’s enactment into law. The Act has been adopted as a set of rules, which have to be adhered to without any perspective; thus, many healthcare professionals have taken little interest to be acquainted with the legislation, and apply it in a defensive, uninformed, and unreasonable way.
The misunderstanding and misinterpretation of the legislation is also evident from the patients’ side. Patients suffering from active medical, cognitive, and psychiatric ailments are more vulnerable to misinterpreting HIPAA regulations. For instance, the misinterpretation of the regulations may arise from the source of notification of the regulations. Depending on the source of the notification, such as the hospital, insurance company, or the healthcare practitioner, the patient may interpret the legislation differently, increasing the chances of misinterpretation (Ondria & William, 2004). Furthermore, the confusion of the HIPAA rules and consequently decreased communication between the patients’ family and healthcare practitioners amplifies the misunderstanding of the regulations and the fear for the noncompliance with the complicated regulations. All these take place in a healthcare environment, which is overburdened by financial and regulatory pressure, and a lack of conducive environment for communication (Ondria & William, 2004). These factors prove the need for extensive training on the application of HIPAA among the healthcare practitioners. Furthermore, there is a need to revise the events associated with HIPAA notification.
Physicians have a duty to maintain the confidentiality of their patients’ personal information. In essence, the healthcare professional’s responsibility to maintain the confidentiality of the patients’ information implies that the physician is not supposed to disclose any medical information provided by the client, or any information obtained in the process of treatment. The AMA’s code of medical ethics dictates that any information, which is obtained in the process of doctor to patient relationship, should be kept confidential to the utmost degree. The ethical guidelines provided by AMA are not legally binding; however, the courts have used ethical responsibilities as a means for imposing legal obligations. Furthermore, the maintenance of confidentiality concerning patients’ information is both an ethical and legal responsibility. The legal responsibilities of a physician are defined the US Constitution, the Federal and state laws, and the courts. Thus, even without the application of ethical standards, the courts initiate a course of action for breach of confidentiality against any physician who divulges confidential client information without adhering to proper authorization from the client (American Medical association, 2011a).
The enactment of HIPAA created further patient confidentiality considerations. Under HIPAA, the covered entities are mandated to release patient’s protected health information without any prior authorization if such disclosures are aimed at facilitating treatment, payment, or healthcare operations. The Act requires physicians to ensure that they protect the privacy and security of their patients’ medical information and utilize a standard format when tendering electronic transactions; for instance, when submitting payment claims to payers (American Medical association, 2011b). However, HIPAA’s requirement for confidentiality has led to medical staff becoming little more flexible and humane. It has increased the medical practitioners’ priority for confidentiality as we move towards full computerization of medical records. To safeguard electronic privacy requires HIPAA, and an administrative simplification of the regulations.
Gross (2007) rarely mentions the managerial responsibilities related to HIPAA’s ethical issues. However, the article insignificantly deals with the issue of investigation with regards to determining that information was withheld. The article states that of the 27,778 privacy complaints, which were launched in 2003, the cases that were investigated were the cases, which were filed by patients who were prevented from accessing their own health information. However, in addition to investigations, there are other critical HIPAA administrative issues, which are aimed at detecting, deterring, and preventing fraud, abuse, and mistakes on the HIPAA regulations.
The critical managerial responsibilities related to HIPAA’s ethical issues include training, audits, and anonymous reporting mechanisms. The compliance of HIPAA’s ethical guidelines is complicated, commonly misinterpreted, and misunderstood. Thus, there is the need to train all healthcare professionals on the application of the regulation. This will act to detect, deter, and prevent possible fraud, abuse, and mistakes (Health Management Associates, n.d.). Furthermore, all healthcare staffs need to be informed of the need for complying with HIPAA regulations. The other is audit; all risky areas concerning the compliance of HIPAA’s ethical issues need to be audited to determine a strict compliance with the set regulations, and to allow corrective actions to be taken in case of noncompliance. Lastly is the existence of anonymous reporting mechanism; this allows for anonymous reporting of noncompliance with HIPAA regulations. The four factors are the managerial responsibilities under HIPAA.
In conclusion, the enactment of HIPAA into law was a blessing in disguise with regards to prioritizing the security of patients’ health information. However, the Act has encountered numerous challenges, more so, in its interpretation and application. A significant number of the healthcare practitioners misunderstand the regulations. Additionally, the act has instigated numerous ethical and administrative issues. Therefore, numerous amendments are required to ease the application of the regulations and to remove the defensive attitude that is currently being witnessed among the healthcare professionals in the application of the regulations. Furthermore, extensive training on the interpretation and the implications of the Act are necessary to remove the confusion in the application and misunderstanding of the Act among the healthcare professionals.
References
American Medical Association. (2011a). Patient Physician Relationship Topics. Retrieved 13
Sept. 2011 from http://www.ama-assn.org/ama/pub/physician-resources/legal-
topics/patient-physician-relationship-topics/patient-confidentiality.page
American Medical Association. (2011b). CPT Coding, Billing & Insurance. Retrieved 13 Sept.
2011 from http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-
your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-
act.page?
Gross, K. (2007). Keeping Patients’ Details Private, Even From Kin. The New York Times.
Retrieved 13 Sept. 2011 from
<http://www.nytimes.com/2007/07/03/health/policy/03hipaa.html>
Ondria, C., & William, R. (2004). Suicide Attempt Due to a Misunderstood HIPAA Notice.
American Journal of Psychiatry, 161: 374. Retrieved 13 Sept. 2011 from
http://ajp.psychiatryonline.org/cgi/content/full/161/2/374
Health Management Associates. (n.d.). Medical Staff: Compliance & HIPAA Program Overview
Certification. Retrieved 13 Sept. 2011 from
http://www.davisregional.com/Resources/38/FileRepository/Compliance%20Overview%
20and%20Certification.pdf