Section A
The healthcare industry has been facing more data breaches than ever since 2013. The breaches have affected more than 1.84 million individuals, with each patient held accountable for more than $18,600 for medical services. Medical records are becoming increasingly valuable to cyber criminals, with prices rocketing up to $50 on the black market. The medical records contain social security numbers, names, addresses and health identification numbers. The increasing interest in medical records on the black market has created a problem for healthcare professionals, especially as patient records go digital. Digitizing medical records is not a new phenomenon, but it has significant consequences if the records are not stored properly. Organizations can take certain precautions to prevent data breaches. Every department should be trained on the importance of protecting patient data. Withholding such information only hurts the entire system, since cracks in the information technology department could create an opportunity for cyber criminals. Employees should also be educated on what happens in case of a breach from a Health Insurance Portability and Accountability Act standpoint. Allscripts Healthcare Solutions Inc. is a publicly traded company that provides hospitals and physicians with electronic health record management technology. Allscripts also provides solutions for patient care and coordination as well as analytics technology. The essay will review the company’s policies regarding privacy and security of patient information at Allscripts according to healthcare informatics practices from the viewpoint of a healthcare informatics specialist.
Allscripts handles a huge amount of confidential patient information; therefore, it is susceptible to breaches that could affect millions of patients. In February 2018, a ransomware attack affected the company’s data stored in the cloud; most clients could not access their services. Privacy refers to the patient’s ability to comprehend and exercise authority over the manner in which their information is utilized by other parties, while security refers to the degree to which information is accessible to unauthorized individuals. Authorized individuals can breach privacy when they utilize the information in an unwanted manner. Security is breached when an unwanted party gains access to health care records. Allscripts Enterprise has Information Privacy and Security Policies, or the Health Insurance Portability and Accountability Act (HIPAA) privacy policy. The main mandate of the policy is to implement the requirements of the HIPAA privacy laws as they relate to the company’s business activities and obligations (Yang et al. 2015 p. 74). The Privacy Rule contains privacy breach notification protocols that apply to health records established, received, stored or transmitted by health care providers who partake in electronic transactions. The Office for Civil Rights is the agency responsible for enforcing HIPAA regulations. The policy’s main purpose is to define the procedures for employees who have access to protected health information. The policy stipulates that an employee’s failure to comply with the policy might result in termination. The HIPAA act of 1996 mandated the Secretary of the U.S. Department of Health and Human Services to establish rules to safeguard the security and privacy of certain health information. The Department of Health and Human Services published the commonly known HIPAA Privacy Rule and the HIPAA Security Rule. The Security Rule established standards for safeguarding specific health information that is stored in electronic sources.
The Security Rule makes the standards outlined in the Privacy Rule functional by addressing the non-technical and technical safeguards covered entities must enforce to secure patients’ health information. New technologies in healthcare that shifted paper processes to electronic information claims necessitated the establishment of HIPAA. While these technologies have provided for efficiency in the healthcare industry, the rise and rate of technology use has enhanced the potential for risks. The key goal of the Security Rule is to safeguard patients’ privacy while authorizing covered organizations such as Allscripts Enterprise to utilize technologies to enhance the quality and efficacy of patient care. The healthcare marketplace is diverse; therefore, the Security Rule is designed to be flexible, enabling covered organizations to enact policies, technologies, and processes that are suited to the organization’s size, structure and potential for risks. The Security Rule under HIPAA covers healthcare providers, clearinghouses and health plans that transmit electronic health information. HIPAA protects the privacy of individually identifiable data (PHI). The Security Rule safeguards a set of information covered by the Privacy Rule, which refers to identifiable health information that an organization such as Allscripts stores, acquires or transmits in electronic form. The act requires covered entities to ensure that their workforce complies with HIPAA regulations. Covered entities need to ensure that they identify and safeguard against potential threats to the security or integrity of patient information. The covered entity should ensure that it maintains the confidentiality, integrity and availability of the electronic patient health information it receives, maintains and transmits. The act requires that covered entities conduct risk analysis processes that evaluate the potential and impact of risks to patient information (Kotz et al. 2016 p. 22).
The risk analysis process should include the implementation of suitable security measures to address the risks identified. The covered entity should record the appropriate measures when required and the reason for adopting the chosen measures. The company should implement administrative, physical and technical safeguards in the quest to protect patient health information. Allscripts must identify and evaluate future risks to electronic patient health information, and it must implement measures to reduce the risks and susceptibility to a suitable level. The Chief Privacy and Security Counsel at Allscripts is responsible for the evaluation and analysis of potential threats at the company. Additionally, administrative safeguards include the appointment of security officials who are responsible for establishing and implementing security policies and procedures. The Chief Privacy and Security Counsel at Allscripts ensures that the requirements of the company’s privacy policy are implemented according to the HIPAA regulations. The covered entity is required to implement procedures for allowing access to electronic patient health information only when the access is suitable based on the recipient’s role. The Chief Privacy and Security Counsel determines if the utilization or disclosure of PHI is allowed or required by the law. Additionally, the counsel determines the limited amount of information necessary to accomplish the intended reason for use or request. The counsel determines if the disclosure of patient health information is limited to a particular set of information and ensures that an appropriate data use agreement is instituted before the company gives a limited data set to another organization. One of the administrative safeguards required of the covered entity is employee training and management. The Chief Privacy and Security Counsel provides an opportunity for Allscripts employees to comply with HIPAA training.
Additionally, the counsel ensures that suitable records exist to verify the employees’ training and that such evidence is retained for at least six years. The counsel performs regular evaluations to ensure that the policy meets the requirements of the Security Rule. Allscripts Enterprise has implemented physical safeguards to protect patient information. The Allscripts counsel controls access to the facilities while ensuring that allowed access is authorized. Examples of the physical safeguards put in place at Allscripts include the use of keycards at all entrances; keycard access is limited to authorized individuals. Employees are not allowed to let non-employees access the workstations unless the PHI is secured. Each individual employee is responsible for the PHI in his or her workplace. A covered entity such as Allscripts implements procedures that specify the use of and access to workplaces and electronic media. All employees who violate the regulations can be subjected to disciplinary actions as specified by the policy. Allscripts implements technical policies and procedures that authorize a limited number of people to access protected health information. For instance, Allscripts safeguards the patient health information stored on computers: laptops are encrypted, and security protocols are time-activated by passwords. Allscripts, through the Chief Privacy and Security Counsel (CPSC), implements software mechanisms that record and evaluate access and other activities in information systems that utilize electronic patient health information. The CPSC ensures that procedures are implemented to maintain the integrity of electronic patient health information. Allscripts implements measures that safeguard against unauthorized access to electronic patient information transmitted through business associates.
Organizations covered by HIPAA are required to comply with the Security Rule; however, the rule categorizes certain implementation components as addressable and others as required. The “required” components must be enforced, while the “addressable” components are much more flexible, giving organizations the freedom to determine if the specification is suitable for their specific setting. Business associates are individuals that access, establish, receive, maintain or transmit patient health information. Additionally, business associates are those that perform certain functions on behalf of Allscripts. These functions may include billing, product development, data center hosting, benefits management, data processing, analysis or administration. Business associates also include individuals providing specific services to Allscripts such as legal, consulting, accounting, auditing management, financial services and many others. The Department of Health and Human Services established rules concerning business associate responsibilities and contracts as provided by the HITECH Act of 2009. At Allscripts, all third-party individuals have to sign third-party associate agreements. There are factors considered before such agreements are signed: for instance, how closely a business associate may have access to PHI, consultations with the Chief Privacy and Security Counsel, and the legal department’s determination of whether the business associate agreement is a necessity. In the event that a business associate agreement is breached, an employee is required to report the breach to the CPSC and the Chief Compliance Counsel (CCC). The CPSC and CCC take the necessary steps to mitigate the breach or end the violation.
The Department of Health and Human Services Office for Civil Rights is responsible for enforcing. The HHS Office for Civil Rights has had a huge impact on the enforcement of the HIPAA Privacy and Security Rules. In 2013, the U.S. Health and Human Services’ Office for Civil Rights outlined regulations modifying the privacy rights for patients. The new rules prompted key shifts in the medical record privacy compliance required of health providers by the two federal laws, the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009. The new rules expanded the privacy measures to apply to other groups that have access to patient information, whether the PHI is held by a healthcare provider, health plan or business associate. The new regulations documented in 2013 dictate the new HIPAA compliance obligations for third parties (Yang et al. 2015 p. 74). The new rules also regulate health-related businesses that use patient information for marketing and fundraising. One of the key points highlighted in the new regulations is the establishment of clear processes by which patients can be notified when there is a breach in their records. The new rules also stipulate the penalties for noncompliance, with maximum penalties ranging from $1.5 million per violation. Individual patient rights are also modified in significant ways; patients can request copies of their electronic patient health information. If a patient pays by cash, they have the right to instruct the health provider not to disclose any information. The new regulations also set new limits on how the information is utilized and disclosed for marketing and prohibit the sale of individuals’ health information. Section 20.3 of the Allscripts Privacy policy dictates that the company may not use or disclose highly confidential information such as HIV status, mental health status or substance abuse treatment programs.
Section 20.4 stipulates that the company cannot receive any form of remuneration in exchange for patient health information. HIPAA requires that all covered entities conduct regular risk assessments to safeguard protected health information. The assessments should identify the individuals and categorize the locations, people, processes and systems that acquire, store and transmit data. The evaluations should include not only computers and servers in the organization but also smartphones, flash drives, and hard drives used by employees. The assessment of risks should utilize broad criteria such as the impact of third-party associations and regulatory compliance. HIPAA regulations ensure that covered entities such as Allscripts implement more than physical and technical safeguards. With the rapid adoption of new mobile technologies and IoT devices in healthcare, patient health information is acquired, transmitted and accessed in more than one building. Restricting access to patient information requires more than physical safeguards; organizations need to concentrate on protecting the data rather than the building where the data is stored. HIPAA also requires that organizations maintain proper logs. Implementation of HIPAA improves quality initiatives at Allscripts since it requires the company to report breaches to the Health and Human Services Secretary immediately after they happen. The Department of Health and Human Services is planning to update some new requirements in a quality improvement initiative. The department plans to expand its services to issuing directions for cyber-attacks and data breaches as well as providing guidance for cyber security management. Cloud computing and electronic has expanded possibilities in the healthcare industry by improving the amount of information these organizations can collect and store. HHS plans to explore options to provide data protection without deterring the benefits of shared data.
The adoption of mobile technology means that patient data can be stored in devices such as smartphones and other non-conventional devices. Therefore, HHS is planning to evaluate the new technologies and determine how the privacy and security rules apply to them and how they can be integrated with conventional health data technologies.
The privacy and security of electronic patient health information enforced by the HIPAA act of 1996 have brought considerable gains for patients. The main benefit is that HIPAA ensures health care providers and business associates implement safeguards to protect patient health information. While no healthcare organization would willingly disclose patient information, HIPAA makes it mandatory for organizations to safeguard data and puts in place repercussions for failure to fulfill requirements. HIPAA provides patients with freedom over who gets to see their health records. The HIPAA rules stipulate who can access health data and with whom the information can be shared (Kotz et al. 2016 p. 22). All health records created, transmitted and stored by healthcare providers are subjected to stringent security controls. HIPAA has been instrumental in letting patients take more active roles in healthcare and allows them to obtain copies of their records. Healthcare organizations sometimes make mistakes when documenting health information; patients obtaining copies of their records ensures that errors are corrected. Obtaining copies of health records can be helpful for patients when they visit new healthcare providers since it provides a history of their medical records. Before the enactment of the HIPAA Privacy and Security Rules, there were no requirements for healthcare providers to release copies of their patient records.
Section B
Allscripts Enterprise is mostly involved in electronic health management; therefore, HIPAA plays a huge role in the running of the whole organization. Providers of electronic health record services such as Allscripts benefit greatly from the implementation of HIPAA. The company’s privacy policy implements the requirements of the HIPAA Privacy Rule in the company’s overall business and obligations. The HIPAA Privacy Rule involves privacy and breach notifications that pertain to individually identifiable health information established, acquired, stored or transmitted by health care providers who engage in specific health transactions, health plans and business associates. HIPAA has significant benefits for organizations such as Allscripts since it helped the transition from paper records to electronic records. HIPAA has aided the streamlining of administrative healthcare functions, enhanced efficiency for most organizations and ensured that protected health information is transmitted securely. All HIPAA covered entities use the same code sets and identifiers; therefore, the transmission of electronic health information is secure (Boric-Lubecke et al. 2015 p. 1). The Privacy Rule under HIPAA has helped build better security within the organization in terms of electronic and physical security. Sharing electronic patient health information has increased the efficiency of Allscripts since it can easily share records between several providers with the patient’s permission. The Allscripts Enterprise Electronic Health Record is a good example of the healthcare industry using technology to enhance the quality of the care provided to its patients. The Allscripts Enterprise EHR stores a huge amount of information about patients, from general information such as mailing addresses and names to medically relevant information. The Privacy Rule addresses the utilization and disclosure of patients’ health information by organizations under HIPAA.
Additionally, the Privacy Rule stipulates the standards for patients’ privacy rights to comprehend and control how their health information is utilized. The Security Rule stipulates the standards for protected health information that is stored and transferred in electronic form. The Security Rule makes the Privacy Rule more functional by addressing the technical safeguards that organizations enforce to secure patients’ medical records. Within Allscripts, Patient Health Information (PHI) can be encountered in the Allscripts Enterprise EHR application, the Works database and the ConnectR interface engine, a piece of software that processes messages in the HL7 format to get information into and out of the electronic health record. The Allscripts EHR and the components of its implementation, such as the interface engine and the Works database, store, use and make available a huge amount of information. The large amount of data stored in Allscripts databases is secured and protected under HIPAA, thereby enhancing the efficiency and operations of all departments at the company.
The Chief Privacy and Security Counsel (CPSC) is responsible for ensuring that the requirements of the privacy policy are implemented to the letter in accordance with HIPAA. The CPSC determines whether the disclosure of PHI is allowed by the law. The CPSC also determines the exact amount of information needed to accomplish a certain purpose. The CPSC drafts and reviews business associate agreements and provides the employees with guidance to ensure that disclosure is limited to the documents required by the law. The CPSC receives requests for any kind of PHI disclosure and authorizes the company to make amendments to PHI in a designated record set as long as the covered entity has provided formal authorization. The CPSC investigates and determines if a privacy breach has occurred and advises the company on suitable actions to mitigate harmful effects stemming from the utilization or disclosure of PHI in violation of the policy. The CPSC maintains documents required by the policy, including formally written requests on the use or disclosure of PHI in paper or electronic form, for a period of six years as required by HIPAA. Other documents maintained by the CPSC include written requests for access to PHI, requests for amendment of PHI, and forwarding requests. The CPSC performs the function of a repository and investigates the validity of complaints brought forward by clients. The CPSC provides an opportunity for employees to receive training on HIPAA compliance and directs the employees to comply with HIPAA. Additionally, the CPSC verifies that employees have proper documents as proof of training and retains the evidence for six years. The CPSC or his designee recommends suitable disciplinary actions against an employee who is engaged in a breach of privacy or who fails to comply with privacy and security policies.
The CPSC will determine the suitable disciplinary actions after reviewing the relevant evidence and may appoint another individual to the position according to the requirements of the company’s Privacy and Security Policy. Allscripts employees are charged with the responsibility of ensuring that PHI is accessed, utilized, and disclosed according to the minimum necessary requirement of the law and company policy. Employees have the responsibility to notify the CPSC when they are unsure of the circumstances of the use or disclosure of PHI. The employee is responsible for notifying the CPSC when there is a request for disclosure or use for public health purposes. If Allscripts workers discover an issue that may constitute a breach or violation of agreements, they should report the misconduct to the Chief Compliance Counsel and the CPSC. Employees have the responsibility not to distribute patient PHI other than in the official ways provided for in the privacy policy. Employees have the responsibility to verify and identify any individuals or organizations requesting patient health information. Employees have the responsibility to disclose patient health information only to the extent authorized by the law. Employees have the responsibility to notify the CPSC when patients request a restriction with regard to the disclosure or use of a patient’s PHI.
The Privacy and Security Rules provided in HIPAA support the management of health data. Although the Privacy Rule is widely known in the healthcare industry, the application of its rules can be hard to decipher. The rules apply to two categories: covered entities and business associates. Most covered entities work in collaboration with other businesses in order to operate and may disclose information to third parties known as business associates. Allscripts Enterprise is both a business associate and a covered entity since it provides services to other health care providers. All covered entities are required to implement privacy policies and procedures and endeavor to maintain the records in case of an inquiry. A covered entity must require that all third-party individuals sign business agreement contracts. Prior to HIPAA in 1996, healthcare providers were not required to store and transmit patient data in any particular manner; however, after 1996 they were mandated to maintain and transmit patient data in a secure manner. HIPAA requires that electronic medical records systems utilize data encryption to protect patient medical records. Data encryption technology safeguards patient health information while it is stored or transmitted to ensure that only appropriate recipients are authorized to view it. There are other HIPAA data security systems installed on health care systems, such as firewalls, to safeguard the system from unauthorized access. Additionally, HIPAA enables the installation of electronic auditing systems that require users to identify themselves through key cards. HIPAA data security audits carried out on a regular basis ensure high levels of organizational compliance. Cloud backup is a technical safeguard that ensures all deleted information can be recovered and restored, therefore keeping the organization’s compliance record detailed. Cloud backup also ensures that all patient records can be restored after breach incidents.
Initiating physical safeguards such as heavily guarded data centers ensures that theft incidents do not interfere with the integrity of electronic patient health information. The access, storage and transmission of health records are made more efficient through HIPAA. Access to medical records is restricted to individuals authorized by the law. The health care provider owns the patients’ records; however, patients can access their medical records. A huge number of healthcare providers and clearinghouses are providing physicians with access to software and other assistance relating to electronic health records. HIPAA requires that covered entities such as Allscripts implement technical, physical and administrative safeguards that suitably protect the confidentiality and integrity of the patient health information that they establish, receive, maintain and transmit. Compliance with HIPAA is instrumental in ensuring that physicians do not misuse their positions to acquire patient information. Any use of PHI other than treatment or payment should be analyzed to verify compliance with HIPAA by obtaining patient authorization when appropriate, implementing and recording suitable access controls, disclosing the minimum required amount of PHI and complying with required business associate provisions. Poorly managed data can compromise the HIPAA Privacy and Security Rules. Mistakes often happen during billing, transmission of medical records and marketing. Keeping up with addresses can be taxing for healthcare providers; if a patient changes address, confidential medical records in the form of bills could end up with the wrong patient, thereby compromising privacy. Patients are often authorized to access their records. When a patient asks for their records and the healthcare provider confuses a detail such as a name, the records may end up in the hands of the wrong patient. Although this might be considered a human error, it is a result of poor data control.
Healthcare providers that utilize direct mailing for marketing are often at risk of breaching patient data. That happens when a hospital or vendor wants to inform clients of new products but mails to the wrong address; the situation creates a risk where confidential patient data can be accessed by unauthorized individuals.
Section C
I am a privacy officer at Allscripts Enterprise; my position has enabled me implement the company’s privacy policy in association with HIPPA. My position at the company has enabled me enhance my professional skills such as leadership, conflict management, project management, communication and adaptability. Working in a position where I have to provide guidance for the company and employees on HIPPA compliance has helped me nurture my leadership skills. When I assumed the new position I had to create a vision and excitement around the idea of HIPPA compliance additionally, I motivated and inspired employees to follow my vision of making Allscript Enterprise fully compliant to HIPPA Privacy and Security Rule. I inspired and motivated the employees by educating them on the importance of compliance for the organizations and clients. I aligned the employees to my vision through creating an environment where employees felt free to report any incidences without the fear of reprisal. I aligned the employees to my vision by creating awareness on the HIPPA and its importance to all stakeholders. The awareness was created through constant training and brochures left at employees break rooms. I built my leadership skills through establishing relationships with employees, managements and business associates. Conflict may arise between employees and business associates in the course of normal business. I have learnt to develop some conflict management skills to deal with conflicts that might arise in the course of HIPPA application. I have learnt to consider both sides’ points of view and evaluate the leverage for each side. I have developed communication skills in the course of my work. As a privacy officer, I have to communicate constantly with other employees, business associates and clients. Therefore, I have learnt to enunciate my words while articulating my point of view. 
Additionally I have learnt to be a good listener when employees or business associates relay their complaints. When communication with clients I have learnt to communicate my point of view with clarity and confidence; that often instills confidence in my clients. Communicating concisely with my employees has helped me relay my point of view and ideas on HIPPA compliance. My position at the company has helped me improve my project management skills. When I assumed my position I had to create a campaign to improve compliance of HIPPA at the company, therefore I created a goals and objectives to accomplish my goals. I enrolled all employees to mandatory refresher classes to ensure that they are updated on HIPPA compliance and familiarize with the company’s privacy policy. I was able to evaluate the productivity of the awareness project by involving the employees in optional written tests. The employees who completed the tests displayed a considerable amount of knowledge on HIPPA regulations. My project was completed in a time-frame of three months as I had planned with considerable gains. I boosted all the employees’ morale by appreciating that they took time off their busy schedules to show up for the training sessions. My position at Allscripts required me to adapt to new situations each day. I encounter new situations each day regarding HIPPA compliance. Employees often report situations such as when they are not sure if an individual is authorized to receive patient health information. For instance an employee recently reported a situation where a patient’s son was asking for his mother’s patient health information however, HIPPA only allows the patient to access their records. Adaptability skills come in handy when I have to comply with new HIPPA regulations that might be enacted such as in 2013 when new regulations were enacted.
One of the main ethical issues that might arise when carrying out the responsibilities of a privacy officer is breach of patient health information. Agencies such as insurances are entitled to a limited amount of data to fulfill payments to healthcare providers. However there has always been argument over whether personal health information should be available to health insurance companies and how ethical is that kind of access. It can be argued that authorizing such personal information is unethical whether a patient is forced implicitly (by being provided incentives) or explicitly (As a requirement for coverage). Releasing personal health information containing genetic susceptibility towards a disease might form a basis for insurance companies to deny insurance coverage and consequently effective healthcare. Most of these patients cannot afford proper healthcare denial of coverage might be considered unethical. Health insurers argue that the well-being of their businesses depend on the use of health information to designate all applicants to the suitable risk pools. The main argument against whether insurance providers should receive personal health information is driven by the idea that all individuals have access to health care and allowing insurance companies to pick clients through personal health information is inappropriate and unethical. It is important that the employees release information that is only required for current needs however sometimes mistakes occurs and employees end up providing more information than is necessary. This creates an ethical issue as the patients information could be misused for other uses such as marketing. One privacy breach could affect a huge number of patients or clients. I recently had to deal with a situation where an employee was selling patients records to cyber criminals. The issue I encountered presented ethical and legal issue for the company. 
More than 30,000 patients were affected by the breach; their social security numbers, names and addresses were compromised. Breaches in patient health information are one of the main ethical dilemmas I face in the course of carrying out my responsibilities. This is especially true for disclosure to third-party vendors such as insurance companies. There is always the risk that they might breach the business associate agreement and use the patient information to deny a patient care or for marketing purposes. Another main issue in disclosure is revealing patient health information to close relatives without legal representation. Patient health information might only be revealed to relatives selected by the patients to make their decisions when they are incapacitated. However, sometimes employees reveal information to close relatives, especially when the patient had not appointed a power of attorney. These close relatives might be imposters, creating a situation where patient health information is revealed to individuals who might be criminals. Some individuals obtain patient health information illegally and use it for marketing purposes; that exposes the company to ethical issues.
A privacy officer’s general responsibilities include managing risks, data protection and privacy concerns. Additionally, they ensure compliance with regulations such as the Health Insurance Portability and Accountability Act. Most companies look for privacy officers with experience in legal, technological and management fields. Advanced degrees such as Master of Science in Information Technology or Specialization in Information Technology Management are also an advantage for privacy officers. A privacy officer is required to comprehend the threats and risks associated with the different levels of safeguarding and disseminating information. With the increasing use of electronic medical records, where data on millions of patients is susceptible to breach, the privacy officer needs to have the ability to address the information technology risk factors and understand how the efficiency of systems can be maximized and risks minimized. A privacy officer needs to have knowledge of encryption technologies, as most patient health records are stored in computers and there is increasing need to ensure that this information is secured. Privacy officers need to acquire expertise in encryption technologies to safeguard the confidential information collected and stored. As privacy operations continue to evolve across the world, an important skill that would be beneficial for privacy officers will be comprehending how other countries regulate privacy, the laws involved and the regulatory bodies. International privacy laws will also come into play when a company like Allscripts decides to outsource to other countries. Privacy officers need to acquire skills in cloud computing and its privacy impacts. More information is shared in cloud computing; therefore, a privacy officer should know whether the information can be shared legally on the cloud. Understanding the terms of privacy and service and the types of protection standards that apply are other crucial skills privacy officers should acquire.
A privacy officer should be a legal mind with a background in healthcare, especially in companies such as Allscripts. A privacy officer should have the ability to focus on the future by keeping up with the latest innovations, legislation and other indicators that may change the privacy landscape in the near future. The privacy officer should have the ability to communicate concisely, since many policies are written vaguely, often resulting in noncompliance. A privacy officer is aware that compliant companies strive for transparency in communication among all company stakeholders. A privacy officer should have the ability to be empathetic; although privacy is a major concern when it comes to patient health information, it can be an intensely personal issue for patients. Clients value privacy in diverse ways; therefore, a privacy officer should have the ability to understand the diverse values across different perspectives. The ability to balance avoiding company liability and interpreting the privacy practices for clients is important.
Conclusion
The essay discussed the privacy and security of patient health information as stipulated by the Health Insurance Portability and Accountability Act (HIPAA), with Allscripts Enterprise as the current workplace example. The HIPAA act of 1996 mandated the Secretary of the U.S. Department of Health and Human Services to establish rules to safeguard the security and privacy of certain health information. The Office for Civil Rights is the enforcement agency responsible for enforcing HIPAA regulations. New technologies in healthcare that shifted paper processes to electronic data storage necessitated the establishment of HIPAA. The Chief Privacy and Security Counsel at Allscripts Enterprise provides an opportunity for Allscripts employees to comply with HIPAA training. Implementation of HIPAA has improved the quality of services for patients, since it has required health care providers and business associates to implement safeguards to protect patient health information. Providers of electronic health records services such as Allscripts benefit greatly from the implementation of HIPAA, since it has improved efficiency in the running of the organization. HIPAA has aided the streamlining of administrative healthcare functions, enhanced efficiency for most organizations and ensured that protected health information is transmitted securely. All HIPAA covered entities use the same code sets and identifiers; therefore, the transmission of electronic health information is secure. The Chief Privacy and Security Counsel (CPSC) is responsible for ensuring that the requirements of the privacy policy are implemented to the letter in accordance with HIPAA. The CPSC provides an opportunity for employees to receive training on HIPAA compliance and directs the employees to comply with HIPAA. When a breach occurs, the CPSC is responsible for investigating the breach and recommending the appropriate disciplinary actions for the employee.
The privacy and security rules provided in HIPAA support the management of health data by regulating the access, storage and transmission of electronic patient health information. HIPAA requires that electronic medical records systems use data encryption to safeguard patient medical records, data security systems such as firewalls to safeguard the system from unauthorized access, and electronic auditing systems. My position as the privacy officer at the company has enabled me to enhance my professional skills such as leadership, conflict management, project management, communication and adaptability. One of the main ethical issues that might arise when carrying out the responsibilities of a privacy officer is breach of patient health information. Most companies look for privacy officers with experience in legal, technological and management fields. Advanced degrees in information technology are an added advantage for privacy officers. The privacy officer should have skills in cloud computing, encryption and information technology risks. Additionally, the privacy officer should have the ability to be a transparent communicator, empathetic and future focused.
References
Boric-Lubecke, O., Gao, X., Yavari, E., Baboli, M., Singh, A., & Lubecke, V. M. (2014, June). E-healthcare: Remote monitoring, privacy, and security. In Microwave Symposium (IMS), 2014 IEEE MTT-S International (pp. 1-3). IEEE.
Kotz, D., Gunter, C. A., Kumar, S., & Weiner, J. P. (2016). Privacy and security in mobile health: a research agenda. Computer, 49(6), 22.
Yang, J. J., Li, J. Q., & Niu, Y. (2015). A hybrid solution for privacy preserving medical data sharing in the cloud environment. Future Generation Computer Systems, 43, 74-86.