Abstract
HIPAA policy is in place to protect the private health and personal information of patients. This became necessary as health insurance companies and medical clinics stopped using a paper system and moved on to computerized medical records. While electronic paper work was more convenient and efficient, it opened up new risks for security breaches. The guidelines of HIPAA were created to address these concerns.
As technology advances forward, we find some areas of HIPAA that could stand to be updated. Hackers are becoming more skilled and targeting large companies in order to access a large amount of personal data. Medical offices and insurance companies must guard themselves against these breaches. There are also concerns over photocopiers and fax machines with hard drives that same data and images that can be accessed to retrieve personal data and medical records. We also have social challenges, such as that of adoptees not being able to access the health records of their biological parents in order to see what medical issues they may be pre-disposed to.
HIPAA is an acronym for Heath Insurance Portability and Accountability Act, which was put in place in 1996 to guard the privacy of specific health information. At the time, the health care industry had moved towards using electronic data storage over paper. Computerized health records were more convenient and efficient, but this latest technological application opened new security risks. HIPAA became the solution, detailing security measures to protect private information.
Health care providers are required to protect the privacy of a patient’s health information. They can discuss matters of test results, interesting cases, etc., as long as they don’t give away any information that can be used to ascertain the patient’s identity; identifiers such as a name, birthdate, the hospital location and draw time.
Any information that could be used to identify a patient is considered to break HIPAA regulation. There are many reasons for keeping this information private. Lets say a celebrity is being admitted to the hospital for a procedure. HIPPA’s Privacy Rule prevents any of the hospital staff from selling this information to the tabloids. Another example, if a clinician determines the results of an STD sample to be positive and they recognize the patient’s name as their neighbor, HIPAA protects this information and makes it illegal for the clinician to spread rumor of this finding or from trying to extort the neighbor.
Even with HIPAA policies in place, breaches still happen. Recently, an employee of UC Irvine Medical Center breached records of over 4,800 patients. This individual “improperly accessed information including patient names, dates of birth, addresses, diagnoses, medical test and prescriptions” (Terhune, 2015). While the individual did not use this information for personal gain as far as we can tell, HIPAA violations are taken seriously and as a result; police are conducting a criminal investigation.
Basic safeguards are required to protect patient information. An organization must have policies put into place that only allow authorized personnel access to protected health information. Security concerns moving forward would need to include safeguards for online hackers. We have seen recently how a hacker gained access to personal information for past and present government workers. It is hypothesized that the Chinese are behind this security infringement. The files breached contained 780 pieces of personal data on each individual. “Those personal details can be used for blackmail, or also to shape bogus emails designed to appear legitimate while injecting spyware on the networks of government agencies or businesses Chinese hackers are trying to penetrate” (Tribune wire reporters, 2015). Hackers are skillful and there is concern of them accessing protected health information.
Revisions in workstation and device security may need to be updated to include the disposal or re-use of printers, copy machines, and Fax machines. Printers don’t come to mind for most individuals thinking about electronic media. However, it has been found that printer/copiers can store data from the hundreds and thousands of scans they complete in their lifetime. A printer that is discarded from a health care office can harbor private information and potential security risks. In fact, CBS news went to a warehouse and purchased four used copy machines without any prior information about the machines or where they came from. These machines have hard drives that store information and images. One of these four machines ended up being from an insurance company, Affinity Health Plan, and had 300 pages of medical records on the hard drive that were still accessable. “They included everything from drug prescriptions, to blood test results, to a cancer diagnosis” (Keteyian, 2010). You can imagine the damage this information could cause in the wrong hands. It is concerning that the majority of the population doesn’t know these hard drives exist. Employees who are given a simple task of replacing old office equipment don’t realize these hard drives exist and abandon our personal data along with these machines. With technological advances, some telephones even have this capability and are able to store information that violates HIPAA.
Right now, family history is protected under HIPAA. This can be especially difficult for adoptees as they have genuine concern and curiosity for what health conditions they may be pre-disposed to. Knowing the name of your biological parents and providing a birth certificate to show family relationship, physicians are still unable to provide adoptees with this information. Updates may need to be made to reflect these sensitive situations so pertinent health information can be shared.
As more medical and technological advances are made, there will need to be updates made to the HIPAA guidelines. Social changes and new laws may also come into place that will require a change in wording within HIPAA’s guidelines.
References
Keteyian, Armen. (2010, April 19).“Digital Photocopiers Loaded With Secrets.” CBS Evening News. Retrieved June 24, 2015, from <http:www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/>
Terhune, Chad. (2015, June 18). “Nearly 5,000 Patients Affected by UC Irvine Medical Data Breach.” LA Times. Retrieved June 24, 2015, from <http:www.latimes.com/business/la-fi-uc-irvine-data-breach-20150618-story.html>
Tribune wire reports. (2015, June 11). “Hackers Stole Data for Every Federal Employee: Union.” Chicago Tribune. Retrieved June 24, 2015, from <http:www.chicagotribune.com/news/nationworld/ct-federal-data-hackers-20150611-story.html>
