HIPPA and Electronic Health Information
Participants and beneficiaries in a group health plan have the rights to be protected. Health Insurance portability Act (HIPAA) ensures physicians protect the privacy and security of patient`s medical information (Jeffrey, & Geoffrey, 2008). This protection covers areas such as confidentiality of patient information, the integrity, and its availability. Healthcare organizations now practice this as a legal requirement despite just doing it as best practice for healthcare services
As part of achieving HIPAA compliance, there are several processes adopted. The processes are adopted to cover the security management lifecycle and they help to identify gaps in an organization`s security program (Vasiliki, Marinos, & Vincenzo, 2010). They are:
Assessment
Design
Deployment
Management and
Education
The Development in technology has been a key factor in developing concepts in healthcare such as Electronic health records. These are records created through the collection of electronic health information such medical history, allergies, laboratory test results, medication, and billing in a systematic manner. The data are generated, shared, and maintained within the institution and there is ease of retrieving it. Electronic health records increase safety, as there is improved quality in management and evidence-based decision support.
As part of its Privacy Rule, HIPAA provides federal protection on patients’ personal health information and enlighten them on their rights with respect to the information. When there is a need for the patients` health information for patient care, the Privacy Rule is not restrictive as it permits disclosure. Disclosure is also permitted where the information is to be used further for some other purposes deemed necessary.
Under HIPAA protection umbrella, individuals obtain new rights that allow them to enroll for health coverage in case they lose their health coverage, when they get married and even when they get new dependent. When an employee changes employment, the new employer, may arrange to rule out pre-existing conditions coverage. HIPAA offers genuine protection to workers by ensuring employer potential is limited in trying to ban this. Employees maybe also discriminated based on health factors facing them such as genetic information and previous medical conditions. This can also be extended to their dependent family. It is in this concern that HIPAA intervenes and ensures such discrimination is not practiced (Adam & Nilmini, 2004).
Other protection benefits workers and families enjoy including health insurance coverage availability in any level of employment, opportunities to enjoy group health plan in case the person loses other coverage also prohibiting charging employees premiums based on employees health status related factors.
Protected health information
Under HIPAA, protected health information can be defined as health information that is related to a person. This information includes any medical record about a patient, which includes the health status and healthcare services that is explicitly linked to a patient and is held by a covered entity. An individual has been vested right to request correction of any inaccurate information. This is courtesy of HIPAA Privacy Rule and covered entities are supposed to keep track of protected health information and its revelation on top of documenting any the privacy policies and procedures (Adam & Nilmini, 2004).
Unless an individual authorizes disclosure, Covered entity can only disclose health information only where it is needed to facilitate health care operations or treatment. It is required that where there is disclosure of PHI by a covered entity, rational effort should be made to make sure that there is minimum necessary information disclosed that is required to achieve the entities purpose. The entity must keep a track of PHI disclosure and to do this it must designate a contact person and a Privacy Official. Their responsibilities include all procedural matters regarding PHI such training workforce members and receiving complaints.
The Privacy Rule safeguards individuals` medical records, ensures protection on individuals` health information by setting conditions, and limits disclosure without proper authorization. Through this rule, a patient has the right to inspect their health information also obtain a copy any health records. The rights over this health information are secured, and responsibility is imposed on the covered entities workforce to ensure this. The key elements of this rule include: the information protected, who is covered and how the health information can be disclosed (Szymkiw, 2011).
The HIPAA Security Rule defines the standard safeguards that must be put in place to ensure the required protection of patients Electronic Protected Health Information (EPHI) (Shortliffe & Cimino, 2006). The rule entails security mechanisms that limit access to patient information, loss of the information also unauthorized disclosure. These administrative, physical, and technical safeguards exist within a covered entity
Identifiable information is any information about an individual that can be used to potentially identify, locate, and contact a person. This is unique information such as name, phone number, fingerprints, e-mail address, and biometric data. Unidentifiable information is any data that cannot be readily identified or recognized with an object. The information has unnamed or unknown source, and there is no credible information to suggest that the information is attached to a certain item.
References
Adam F., & Nilmini W., (2004) "An integrative framework for HIPAA-compliant I*IQ
healthcare information systems", International Journal of Health Care Quality
Assurance, Vol. 17 Iss: 2, pp.65 – 74
Jeffrey P. H., & Geoffrey M. M., (2008) "The role of laboratory information systems in
healthcare quality improvement,” an International Journal of Health Care Quality
Assurance, 21 (7), pp.679 - 691
Szymkiw, K. (2011). ‘A new telecommunications solution enhances productivity and patient
care’. Health Management Technology; Aug 2011, 32 (8), p26-27, 2p
Vasiliki M., Marinos T., & Vincenzo M., (2010). "Healthcare information systems and older
employees' training,” Journal of Enterprise Information Management, 23 (6),
pp.680 – 693
Shortliffe E. & Cimino J.J., (2006). Biomedical Informatics: Computer Applications in
Health
Care and Biomedicine (3rd edition). New York: Springer