1) Purpose of Paper
The purpose of this paper is to create awareness on certain issues that have the potential to impact specific healthcare functions and responsibilities. The topic chosen is Violation of HIPAA Confidentiality. This topic is relevant because it highlights the mechanisms in place to protect a patient's private information. It is also applicable to the health care providers who may be unaware of the specific regulations of these laws that they may violate. These laws affect every organization and institution that stores or processes medical records.
The applicable Federal laws governing this right are the Health Insurance Portability and Accountability Act of 1996. (HIPAA) This act is enforced by both the federal and the state government and thus it is not readily classified as strictly federal law. However, if any state has laws that are more rigorous than the HIPAA , the state laws take precedence over the HIPAA. For example, California state laws allow patients to access their medical records in written form within ten days. Health providers from California have the discretion to withhold clinician notes and any other observations. This provision is not included in the HIPAA. When the situation arises, this state law applies over the HIPAA federal laws (Cannon & Caldwell, 2016 p 19-20).
Delegate your assignment to our experts and they will do the rest.
2.The specifically targeted employee group and particular health services setting
The insurance industry is the most prominent health services provider that is affected by this intervention. This is because they handle the bulk of individual personal medical information right from admission to the treatment level. The Emergency Room (ER) setting is one of the places where private information may be transferred or shared outside the confines of the privacy laws. The program administrators were the target employee group.
3) Discussion of Three Critical Aspects of Employee’s responsibilities
a) Discussion of Employee Specific Critical Responsibility 1: Right to privacy
The program administrators were interviewed about their role in accessing patient data records. It was established that in an emergency setting such as the one they worked in, they were mandated by law to access the personal medical records. They were also allowed to disclose part of this history to attending physicians if the information needed was potentially life-saving or it could adversely affect the medical outcome. This law was expressly covered in the HIPAA. Violation of this law was prohibited by law to those outside this mandate. It is also supported by California's state laws (Sterling, 2015 p 55).
California Civil Code 56.06 through the Confidentiality of Medical Information Act (CMIA) protects the patient's right to privacy by preventing the use of individual medical information by any business entity such as an insurance company or policy enforcers. Use here excludes the access to emergency procedures. In this case, breach of the law can be persecuted as it is upheld under the California Constitution, Article 1, section 1. All businesses that offer the hardware or software whose purpose is to maintain this privacy must enforce this law (Cannon & Caldwell, 2016 p 22).
The program administrators in the ER established that some were unaware of the specific regulations that were present in the state laws. It was clear across the board that most were only aware of the HIPAA laws. A clear distinction was made, and the administrators were informed that state laws had prominence over the HIPAA. These laws protect the administrators if information regarding the emergency care of a minor is disclosed to the parents or guardians. Information on non-emergency matters such as pregnancy, contraception or abortion are considered private and cannot be disclosed without the minors permission (Sterling, 2015 p 53).
b) Discussion of Employee Specific Critical Responsibility 2: Security of medical information
The Standards for Privacy of Individually Identifiable Health Information are a set of rules within the HIPAA that govern the safety of any records that can be used to identify the patient. The program administrators demonstrated their understanding of this standards by describing the extent to which they could share data. This included the systems inbuilt mechanisms to limit the number of people who can access the information through the use of security checks. The Security rule enforces this law, and the HHS Security Risk Assessment Tool assess the participants for compliance.
US Department of Health and Human Services. (2015, p7) points out that the Information Practices Act (IPA) in California state law protects this law and allows prosecution if one is found to violate California Civil Code 1798-1798.78. The Insurance Information and Privacy Protection Act (IIPPA) supports the right to security including on information such as claims and Applications that are handled by insurance personnel in conjunction with the hospital. The program administrators were conversant with this rules, and their compliance with the system was demonstrated. The administrators were aware of their duty to report breaches of security under the Data breach notice that is applicable under the California Civil Code 1798.29 and 1798.82. This role was not fully mandated because there was no legal provision to enforce it. This was despite the California Health and Safety code that required notification of a breach to the patient and the patient within 15 days of a breach of medical information occurring (Furrow et al., 2014 p 43-44).
c) Discussion of Employee Specific Critical Responsibility 3: Patient Rights
This scope of HIPAA was the most controversial from our discussion with the administrators. Most were not aware that the Patient had a right to access their information if they submitted a written request for the same. This led to a review of the "Your Health Information, Your Rights" which is a general outline of the information that the patient has a right to demand. This included access to an electronic copy of their records in a format that worked best for them. The administrators were also informed that the security of the information provided was then passed to the patient because they had the right to disclose this information to any person of their choice. The people who had to comply with this rules included health care providers who liaised with billing agencies, health plans such as those under government and private agencies such as Medicaid and medical clearing houses such as lawyers and IT persons as well as those responsible for destroying medical records. These laws were not applicable to child services or law enforcement agencies (Furrow et al., 2014 p50).
US Department of Health and Human Services. (2015, p10) states that access to such information grants the patient the right to withhold or give permission for other uses such as marketing purposes. Administrators were also made aware that this records could be used by a patient as a foundation to file a complaint with the insurers or with the US Department of Health and Human Services. The California state laws also allowed disciplinary action including compensation under the California Confidentiality of Medical Information.
4. Conclusion
The interactions with the ER program administrators made it clear that the understanding of HIPAA Confidentiality laws was not as basic as it should be. It was also evident that there was some contradiction between the federal HIPAA laws and the California state laws. More studying and training should be done to ensure ensure that there is no breach of the law on account of ignorance. This will save all the relevant bodies a great deal of turmoil and guarantee the patients the respect and dignity they deserve. For more information about this issue log onto https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html or http://www.chhs.ca.gov/OHII/Pages/StateandFederalHIPAALaws.aspx
References
Cannon, A. A., " Caldwell, H. (2016). HIPAA violations among nursing students: Teachable moment or terminal mistake-A case study. Journal of Nursing Education and Practice , 6 (12), 41.
Furrow, B., Greaney, T., Johnson, S., Jost, T., " Schwartz, R. (2014). Health law . West Academic.
Sterling, R. (2015). Defend your practice against HIPAA violations. Medical economics , 92 (5), 52-57.
US Department of Health and Human Services. (2015). Guidance regarding methods for de-identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
