The Health Insurance Portability and Accountability Act was enacted by the 104th United States congress in a bid to improve on the portability and continuity of the health insurance coverage in group and individual markets. It aim is to help reduce fraud, waste and abuses in health care delivery and health insurance, to make easy health insurance administration and to improve the access to long-term coverage and care services. It has two titles, title one protects the health insurance coverage for those workers who change jobs or lose jobs and their families and title two provides for establishment of national standards for electronic health care transactions and national identifiers for employers, health insurance plans and providers. It also outlines several offences that relate to health care and sets the criminal and civil penalties for those who are proved guilty. This act also gives the right to privacy for individuals between the age of 12 and 18. This requires the provider to have signed a disclosure from the affected individual before any information on provided healthcare can be given to anyone including the parents of that person. Thus for the laboratory workers and any health care provider to comply with the act, it is important that that person observes the privacy rule and not disclose any private information until permission has been sort and granted by the affected individual . On the other hand, electronic health records are an evolving concept which is defined as collection of electronic health information on individuals or population systematically. The range of data that can be found under this classification include; immunization status, vital signs, radiology images, billing information, demographics, medication and allergies, personal data like age and weight, laboratory test results, and medical history. This system is designed so that it can presents data that can accurately capture the state of the patient at any particular moment. This will reduce the paper work and make it easier for tracking medical information on an individual since information is represented as a single file which will be updated every time it is used. This will also help in monitoring trends in a single patient for optimal healthcare provision. It is important that laboratory technicians are aware of the provisions of these rules to avoid legal penalties in cases of their being breached. .
Protected health information is any kind of information that is held by a covered entity that concerns health status, payment for health care, or provision of health care which can be linked to an individual. It includes payment history for health care services or any particular part of an individual’s medical records. This information includes names, all the geographical identifiers that are smaller than a state, dates that are related to an individual directly, fax numbers, phone numbers, social security numbers, e-mail addresses, account numbers, medical record numbers, certificate numbers, device serial numbers, URLs, finger, voice or retinal prints, full face photographs, IP address numbers and any other unique data . These covered entities however are required to disclose the Protected Health Information to the concerned individual within 30 days of request. They are also required to disclose the information when directed by law in such cases as when reporting suspected child abuse to state child welfare agencies. The covered entities can also disclose the protected health information to law enforcement officials for the purposes of law enforcement as may be required by law. This will include court orders, subpoenas and court-ordered warrants. It can also be done as required by law for administrative requests or when they are needed in order to help in identification or location of a suspect, material witness, fugitive, or a missing person. A covered entity can also disclose protected health information to facilitate payment, treatment, or health care operations in which case it does not need a patient’s express written authorization. Any other kind of disclose of protected health information requires the covered entity to first obtain written authorization from the patient before any disclosure. And when the covered entity discloses the protected health information, it must make every effort to disclose the minimum amount of information needed to achieve its purpose. This is important in preventing the amount of private information that can incidentally get into the hands of unauthorized people which may compromise the privacy of the affected individual.
The privacy rule establishes the national standards in order to protect individual’s medical records and any other personal data and it applies to health care clearinghouses, health plans and to health care providers that conduct particular health care transactions electronically. This rule gives patients’ rights over their personal health information. It also requires appropriate steps be taken to protect the privacy of any personal information. On the other hand, the HIPAA Security Rule establishes the national standards that are geared towards the protection of individual electronic personal health information that is received, used, created or maintained by a covered entity. Thus the main difference in the two rules is that the security rules are majorly affects the information that is brought into the laboratory to help in treatment of a particular patient while the privacy rule majorly concerns the information gathered in the lab on a particular patient from tests and how it should be handled.
Identifiable information, as applied in the United States privacy law and information security, is any kind of information which can be used on its own or in combination with other information to contact, locate a single person, contact or to identify an individual in context. This can include the name, date and place of birth, biometric records like finger prints, educational, financial or educational information. Unidentifiable information is information that cannot be used, alone or in combination with other kinds of information, to identify a specific individual, to contact, or locate that person. It is created by removal of some of the features of identifiable data like the names, date and place of birth, education, financial or professional details, emails, physical addresses and phone numbers among other data. It is normally used in research studies by universities, government agencies, and other private firms in which protection of the individual is of great importance. These data can also be used for development and marketing purposes by different parties. On the other hand, identifiable information is very important in forensics, in particular the identification and prosecution of criminals when there is need to establish evidence in criminal procedures. It is also important in identification of lost persons who may be found alive or some who may be found dead and there is need for establishing their identity .
References
ama-assn.org. (2013). HIPAA: Health Insurance Portability and Accountability Act. Retrieved from American Medical Association: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act.page
Landi, W. A., & Rao, R. B. (2009). U.S. Patent No. 7,519,591. Washington DC: U.S. Patent and Trademark Office.
Schwartz, P. M., & Solove, D. J. (2011). PII Problem: Privacy and a New Concept of Personally Identifiable Information. The New York Law Review 86, 1814.