31 May 2022


Ensuring HIPAA Compliance in a social media age

Format: APA

Academic level: College

Paper type: Research Paper

Words: 1927

Pages: 7


Human beings have become social creatures who share a great deal on social platforms. A social media revolution has taken place over the last few years. Healthcare providers now operate in an age where digital information can spread very quickly over great distances. When someone violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA), social media can expose the content to millions of people in just minutes. It is easy to share patients' personal health information through social media and so violate their privacy rights. Because violations of patients' privacy are rising, various regulations have been developed to help ensure that patients' privacy rights are maintained (Ventola, C. L., 2014). When HIPAA was introduced in 1996, social media was not so rampant, and online communication was very narrow. According to the U.S. Department of Health and Human Services, HIPAA established certain standards and requirements for the transmission of health information to improve the effectiveness and efficiency of healthcare by enhancing the privacy of patients. It focuses on how patients' information can be used, to ensure their privacy rights are not violated by any social media users. Health employees are therefore required under the Act to protect, by all means, all personal information about patients. The doctor-patient relationship is to be based on mutual trust, and no doctor is expected to share any personal information about patients that could reveal a patient's identity. HIPAA was enacted in August 1996. It required the issuing of privacy regulations governing identifiable health information (Moses, R. E. et al., 2014). HHS made a proposed rule and presented it to the public for comment in 1999. 52000 public comments were received. The final regulation, the privacy rule, was published in 2000.

The standards for the privacy of health information, known as the privacy rule, set various standards for the protection of patients' identifiable health information. The privacy rule specifies the use and disclosure of individuals' protected health information. It restricts the use of a person's information without consent. Patients have the right to control how their information is used. The Department of Health and Human Services (HHS), through the Office for Civil Rights, has the mandate to enforce the privacy rule and take action against health officers who violate the Act (Anthony, D. L. et al., 2014). If an individual violates HIPAA unknowingly, the minimum penalty is $100 per violation with an annual maximum of $25000 for repeat violations. The maximum penalty is $50000 per violation, with an annual maximum of $1.5 million. Noncompliance due to reasonable cause can attract a penalty of $1000 for every violation, with a maximum of $100000 for any repeat violations after the first one. At the maximum, such a violation can attract a penalty of $50000 for every violation and an annual maximum of $1.5 million. A violation due to willful neglect that is corrected after some time can attract a minimum penalty of $10000 per violation with an annual maximum of $250000 for any repeat violations (Bansal, G., & Gefen, D., 2010). The maximum penalty for a breach due to willful neglect is $50000 for every offence, with an annual maximum of up to 1.5 million. When one fails to comply through intentional disregard and no correction is made within the required period, the minimum penalty is $50000 per violation with a maximum of up to $1.5 million per annum. The maximum penalty for the same violation is $50000 with an annual maximum charge of $1.5 million. The penalties are summarized in the table below.


| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| --- | --- | --- |
| | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| Reasonable cause | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| Willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| Intentional neglect and no correction is done within the required time period | $50,000 per violation, with a maximum of $1.5 million annually | $50,000 per violation, with an annual maximum of $1.5 million |

The penalties apply directly to the entities covered under the Act, including health plans, Medicare prescription drug card sponsors, health care providers and health care clearinghouses. Individuals such as directors or employees can also be held liable under corporate criminal liability.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights is responsible for ensuring that the HIPAA Privacy and Security Rules are enforced (Perera, et al., 2011). It takes all the necessary steps to ensure the HIPAA Act is not violated and is responsible for investigating complaints filed by those affected. It also conducts compliance reviews to identify whether the entities covered under the Act are complying with the requirements. The body also ensures that people are educated, to enhance compliance with the rules of the Act. The Office for Civil Rights (OCR) also audits healthcare providers and other businesses and hands out fines for noncompliance (Kempfert, A. E., & Reed, B. D., 2011). Earlier, OCR only carried out an audit of a HIPAA covered entity when a patient filed a complaint with the agency. Other than holding the covered entities responsible, the OCR also publishes HIPAA privacy rule guidelines intended to assist organizations in meeting the compliance requirements of the Act. It also provides a variety of compliance resources, such as training materials and guidance materials, for the covered entities. The Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) both play critical roles as healthcare resources as well as regulators of the programs. OCR audits covered entities and business associates for HIPAA compliance (Scheinfeld, N., & Rothstein, B., 2013). CMS, on the other hand, plays a role in reducing the Medicare reimbursement payments of meaningful use participants that fail to meet the criteria required under the Act.

The CMS is responsible for various activities, which include the administration of Medicare, Medicaid and children's insurance programs, implementation of the federal government incentive programs, drafting the standards for the certification of electronic health technology, and making updates to the HIPAA health information privacy and security regulations. ONC, on the other hand, is responsible for coordinating health IT policies by providing leadership in the development and implementation of the standards and certification of health IT. It uses the HealthIT.gov site to share healthcare compliance resources.

Various solutions can be adopted to ensure compliance with HIPAA while using social media platforms. The first step is to provide adequate education to employees on the HIPAA regulations, including any new changes made to the Act. Employees should be aware of all the penalties that apply when the Act is violated. This training can be delivered through seminars where employees learn the rules and requirements of the Act and how to avoid violating them while using social media. The covered entities and business associates should also keep devices containing patients' health information in the right place, away from any people who are not directly responsible for it. If patients' health information is not kept in the right hands, it becomes straightforward for the information to spread to social media and make the covered entity pay the penalty. Also, encryption and firewalls can be used to secure patients' online health information. This can be done by using technologies that can remotely lock patients' health information to prevent unauthorized access by other employees who could misuse the information by sharing it on social media and expose the organization to penalties and fines. Only a few entrusted people should have access to patients' health information. All other employees should be locked out of that information using encryption and firewalls. The files of the employees should be properly and correctly stored in the right place, where the health information of the patients is secure and safe. Handling paper and electronic files in a business is a major challenge because files are misplaced or go missing. Employees must be reminded to put files in the right place to avoid misplacing patients' papers, which could expose the information to unwanted people who might, as a result, share it on social media. When using social media for marketing, the covered entity must be very careful about the information it posts, to ensure it does not violate the HIPAA regulations (Abdelhak, et al., 2014). This can still be achieved through appropriate training on the requirements of the HIPAA Act. Some employees may share patients' personal health information without knowing that it violates the privacy rights of the patients.

Putting measures in place to ensure compliance with HIPAA as employees use social media always comes with costs. The covered entities and associated businesses will have to incur costs in training their employees on the requirements of the HIPAA Act. The seminars and training lessons prepared to equip employees with the requirements of the Act involve the use of funds. Also, the creation of a secure system through encryption and firewalls requires more funds (Lifchez, et al., 2012). It is expensive to install a secure system in the organization to ensure the security of patients' health information. The covered entities must incur all these costs to avoid fines and penalties for violations committed by their employees. Further costs are also incurred in creating a correct filing and storage system, which will ensure that patients' electronic files are stored in a secure and correct place that is safe from unauthorized access. Thus, in the overall implementation of a system to ensure compliance with the HIPAA Act, the covered entities will have to incur several expenses. However, the covered entities will also cut the costs of penalties and fines that they would incur for noncompliance.

The health care manager has a responsibility to ensure that the safety and security of patients' health information are protected. The manager provides leadership and guidance to other health employees on how to ensure compliance. The manager is also responsible for creating a culture of trust between patients and healthcare providers. This culture will ensure that doctors and nurses always respect the privacy rights of patients. Also, the manager is responsible for providing the resources required to ensure compliance is met. The manager must ensure that all employees are aware of the HIPAA Act and what charges are applicable for noncompliance. The manager remains the overall head who defines the success of the compliance processes. Without appropriate leadership and the creation of an environment in which employees understand the importance of protecting patients' information, nothing can be achieved.

In conclusion, there has been a growing challenge in healthcare departments over how to ensure the health information of the employees is protected from social media users. With the growing use of social media by healthcare providers, the need to keep patients' information from reaching social media platforms must be taken into consideration. Healthcare organizations must, therefore, ensure that their employees comply with the privacy rule, which bars them from sharing patients' information on social media. Any health organization that fails to comply with the regulations will have to face various penalties.


Anthony, D. L., Appari, A., & Johnson, M. E. (2014). Institutionalizing HIPAA compliance: Organizations and competing logics in US health care.  Journal of health and social behavior 55 (1), 108-124. 

Bansal, G., & Gefen, D. (2010). The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online.  Decision support systems 49 (2),138-150. 

Kempfert, A. E., & Reed, B. D. (2011). Health care reform in the United States: HITECH Act and HIPAA privacy, security, and enforcement issues.  FDCC Quarterly 61 (3), 240. 

Lifchez, S. D., McKee, D. M., Raven, R. B., Shafritz, A. B., & Tueting, J. L. (2012). Guidelines for ethical and professional use of social media in a hand surgery practice.  The Journal of hand surgery 37 (12), 636-2641.

in medicine.  Clinical obstetrics and gynecology 56 (3).

Moses, R. E., McNeese, L. G., Feld, L. D., & Feld, A. D. (2014). Social media in the health-care setting: benefits but also a minefield of compliance and other legal issues.  The American journal of gastroenterology 109 (8), 1128-1132. 

Perera, G., Holbrook, A., Thabane, L., Foster, G., & Willison, D. J. (2011). Views on health information sharing and privacy from primary care practices using electronic medical records.  International journal of medical informatics 80 (2), 94-101. 

Scheinfeld, N., & Rothstein, B. (2013, December). HIPAA, dermatology images, and the law. In  Seminars in cutaneous medicine and surgery  (Vol. 32, No. 4, pp. 199-204). Frontline Medical Communications. 

Ventola, C. L. (2014). Social media and health care professionals: benefits, risks, and best practices.  Pharmacy and Therapeutics 39 (7), 491. 

Cite this page


StudyBounty. (2023, September 15). Ensuring HIPAA Compliance in a social media age.

