Archive for the ‘Health Insurance Portability and Accountability Act’ Category

Feds propose stronger patient privacy rights

July 11, 2010

We just saw this on the HIM Circle facebook page (http://www.facebook.com/HIMCircle):

___________________________

The U.S. Department of Health and Human Services (HHS) proposed a new federal healthcare information privacy rule yesterday that would expand patients’ rights to access their information and restrict certain types of disclosures of protected health information to health plans, according to InformationWeek.

The proposed rule is part of the Obama administration’s plan for every citizen to have an electronic medical record by 2014.

The changes are also a response to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires HHS to change the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules by strengthening the privacy and security protections for health information.

The proposed rule would strengthen and expand HIPAA privacy, security and enforcement rules by:

• Expanding individuals’ rights to access their information and to restrict certain kinds of disclosures of protected health information to health plans;
• Requiring business associates of HIPAA-covered entities to follow most of the same rules as the covered entities;
• Setting new limitations on the use and disclosure of protected health information for marketing and fund raising; and
• Prohibiting the sale of protected health information without patient authorization.

For more information check out the new HHS Website:
http://www.hhs.gov/healthprivacy/

HIPAA and Its Implications

November 2, 2009

From its birth in the U.S. Congress in 1996, HIPAA has played both normative and authoritative roles with respect to patient privacy as well as health insurance security.  The Health Insurance Portability and Accountability Act (HIPAA) is composed of two separate Titles, each pertaining to issues of health insurance proteHIPAAction for employees and their families during a change or loss of occupation, and medical record privacy.  This article will consider Title II of the Act and some of the ways in which it affects both health care workers and patients.

Title II, Administrative Simplification (AS) provisions, calls for and prescribes the establishment of nationally cohesive standards for all health care transactions, or rather, the use and dissemination of health care information.  Its primary intention is to help protect and retain the privacy of such health care information.  (I.e.: medical records, payment history, etc.)  The AS is comprised of five sets of rules, two of which are relevant to our purposes.  The Privacy Rule pertains to both paper and electronic health care files, and prescribes regulatory measures for both the use and disclosure of protected health information (PHI), being “any information held be a covered entity which concerns health status, providers of health care, or payment for health care that can be linked to an individual”.  This particular rule also requires the training of all individuals working within a medical establishment with regard to the proper procedures concerning both PHI and HIPAA.

Another relevant aspect of HIPAA, with respect to privacy, is a subsection of the Security Rule, a rule that is concerned only with electronic data, known as the Physical Safeguards. This facet of the Act itself attends to the control of physical access in order to protect against any inappropriate entrance into classified data.

HIPAA violations are far from uncommon.  Many are reported, but few are actually prosecuted.  This was not the case, however, in a recent incident involving a nurse in a midsize regional medical establishment.  This individual, Ms. A (whose actual name shall not be disclosed), had been employed by her respective clinic for 5 years and, as of late, was married to a man who had been involved in a car accident for which he was being sued.  She came upon the file of her husband’s plaintiff at her office during the course of the lawsuit, took some notes that had been kept in the plaintiff’s medical file, and brought them home to her husband.  In turn, Mr. A contacted the plaintiff urging him to drop the lawsuit given certain facts regarding what had surfaced in his medical record.  The plaintiff immediately contacted the clinic as well as his attorney.  Ms. A was subsequently and instantaneously fired from her job.  The couple were indicted a month later and charged with violating HIPAA, with “conspiracy to wrongfully disclose individual health information for personal gain with maliciously harmful intent in a personal dispute”, and with witness tampering (which was charged to her husband exclusively).  The charge against Mr. A was dropped after negotiations.  However, Ms. A still faces up to 10 years in prison and up to $250,000 in fines.  Not only this, but the nursing board in her respective state is attempting to have her nursing license revoked.  For the full story, visit http://www.renalandurologynews.com/Staff-Nurse-Faces-Jail-Time-for-HIPAA-Violations/article/119854/

This case is a blatant and highly perceptible situation in which a health care employee violated the boundaries of normative ethical privacy practices in the pursuit of personal gain.  However, no malicious intent need be present in order to carry out such violations.

Though HIPAA has undoubtedly protected innumerable individuals’ health care privacy, it has also raised certain complications as well as costs.  Training with respect to HIPAA has proved to be insufficient and toilsome as a staggering majority of health care workers report being uncertain of its scope and needless to say, its more specific mandates.  Not only this, but costs for medical institutions have significantly increased in tandem with the increase in paperwork required by the Act.  Due to the deducible detriments that have, and may very well continue to occur as a result of such confusion and costs, it is imperative that these matters are resolved by both legislators and by those who manage health care institutions.  

Questions: Do you think Mrs. A and Mr. A faced a fair punishment?  Should Ms. A be subject to high fines and 10 years in prison for her actions?

About the Author: Patricia Heise is a Staff Writer with the Clear Medical Solutions Communication Team.  Her work is regularly shared on the Clear Medical Agency newsletter and the ClearNursingMatters.com blog. 

References:

“Staff Nurse Faces Jail Time for HIPAA Violations.” Ann W. Latner, JD. October 1, 2008. http://www.renalandurologynews.com/Staff-Nurse-Faces-Jail-Time-for-HIPAA-Violations/article/119854/

“Health Insurance Portability and Accountability Act of 1996.” 104th Congress. August 21, 1996. http://aspe.hhs.gov/admnsimp/pl104191.htm

“Health Insurance Portability and Accountability Act.” http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act


%d bloggers like this: