The breach in data use causes billions of dollars in wastage. This risks the credibility in medical well being, and the future of most healthcare providers. To help protect the breaches, the Health Insurance Portability and Accountability Act (HIPPA) controls and protects the usage, transmission and storage of healthcare information. It protects both electronic and paper formats with the main aim of guaranteeing the privacy and security of healthcare information. On the other hand, the Health Information Technology for Economic and Clinical Health Act (HITECH) came into law on February 17, 2009 mainly to improve and promote the adoption and use of health information technology, to interconnect and improve the system of healthcare delivery. The state and federal agencies get involved in enacting some of these regulations. However, these bodies employ different measures in the enactment of laws. In the federal law, health care information remains protected if it meets the (PHI) Protected Health Information standard. In state law information remains protected if it meets the medical record standards. Q1. The HITECH privacy act enforces security obligations in every aspect of healthcare operations. The act establishes the need for compliance, which increases the overall costs in operating IT healthcare systems. It imposes accountability levels and privacy in medical use. The act gives patients the rights on their own health records, with the rights to prevent disclosure of the same information to other healthcare providers. It has also increased mandatory penalties towards healthcare providers who violate privacy as concerns the use of patient’s data. Nonetheless, it has also increased litigation and fines on healthcare providers who are non compliant to set laws and regulations and at the same time offenders get prosecuted upon violation.
The HIPPA security rule addresses two kinds of standards. They are addressable and required standards. The addressable standard assess the healthcare systems specifications to determine if requirements meet the act while the latter ensures that entities have implemented required standards. These could be enforced through a checklist (Beaver & Herold, 2004). While these acts impose stiffer regulations, healthcare establishments that demonstrate the capacity in use of electronic health systems obtain financial incentives in terms of grants for personnel who support health information system infrastructure. Q2. Healthcare providers will need to be compliant in data encryption. This is because encryption is key in security and privacy of patient’s data. The HITECH act through the National Institute of Standards and Technology helps in enacting the concept through a federal information processing standard to ensure software vendors implement encryption algorithms such as the AES algorithm (“Hi Tech Requirements for the HITECH Act”). On the other side, the regulations will change access modes on data, by implementing controls within the software to ensure for controlled access to patients information.
The HITECH Act modifies the use of software systems by implementing administrative procedures, technical and physical safeguards. This ensures that security rules pertaining to access of patients health records is compliant to the rules and regulations concerning the health Acts. These acts also ensure that electronic controls ensure that data remains undestroyed. Q3. Hardware vendors must perform a risk analysis to ensure their manufactured hardware’s conform to security standards based on the acts. Organizations that operate datacenters that store medical records must use Protected Health Information (PHI) compliant hardware, which abide by patients privacy and security obligations. The datacenters must be located in safe locations, some in the Midwest regions. This necessitates the hardware vendors to design hardware specifications that meet minimum security standards for processing, transmission and storage of health records. On the other hand, other transmission infrastructures such as the Wide Area Network (WAN) and Local Area Network must use encryption standards that comply with the HITECH and HIPPA Acts. This ensures that hardware and software vendors design their products to comply with the state and federal Acts. Q4. Organizations that act as health care providers are constantly upgrading their infrastructure to enable them meet the requirements of the laws and regulations. Organizations deploy information access management policies aimed at authorizing access depending on role based access. Organizations are implementing security measures aimed at controlling access to patient’s data. This security rule controls access based on patient’s authority. On the other hand, organizations implement policies and procedures to conform with the acts within their infrastructure, with such policies being implementing contingency plans to help an organization respond effectively, to an emergency such as fire, system failure or any other natural disaster.
Other than that, organizations establish disaster recovery plans that implement procedures to restore data in case of loss. The HIPPA act also establishes a requirement in data storage and file recovery as a contingency plan for health records in digital formats. The acts are not optional, and heath care providers must ensure that their data is recoverable, reused frequently and be encrypted at all times. They must also develop a comprehensive security program to enforce authentication rules based on access roles. This will ensure that health information remains secured to maintain privacy at all times.
References
Beaver, K., & Herold, R. (2004). The practical guide to HIPAA privacy and security compliance. Boca Raton: Auerbach Publications.
Bowers, R. (n.d.). Hi Tech Requirements for the HITECH Act. Hi Tech Requirements for the HITECH Act. Retrieved February 28, 2014, from http://www.collectionindustry.org/component/content/article/43-rodney-bowers-columns/340-hi-tech-requirements-for-the-hitech-act.html
