HIPAA Laws Essays - , Term Papers, Research Papers

The Health Insurance Portability and Accountability Act of 1996 was a law signed on August 21st 1996 by former United States President Bill Clinton. The law is also known as Kassenbaum-Kennedy Health Insurance reform bill. There are two sections to the HIPAA Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. HIPAA has four main goals. The first is to provide persons with group coverage new protections from discriminatory treatment. The second is to enable small groups (such as businesses with a small number of employees) to obtain and keep health insurance coverage more easily. The third is to give persons losing/leaving group coverage new options for obtaining individual coverage. The fourth is to ensure the confidentiality of health information and maintain certain safeguards for your pri vate health information. Enforcement of the bill began on April 14th 2003 with the focal point of health care shifting to privacy. The enforcement of this bill greatly affected patient?s rights to privacy and also how medical personnel were to be trained in matters regarding privacy. HIPAA (Health Information Insurance and Accountability Act) at my organization is taken very serious we have mandatory training every year to ensure that we know how to handle a request for information. Information to be released must have a valid consent. There is also a minimum only what is necessary is what we release. We also deal with subpoenas and court order request that also must follow HIPAA guidelines. Regulatory issues dealing with at my organization right now is RHIO regional health information organization. It falls under the umbrella of HIPAA. In order for information (or the electronic medical record) to be shared in the RHIO a HIPAA consent must be signed and be on file giving the organization permission to share your health information. The RHIO just makes it easier for information to be shared between different organizations. With the RHIO, information is kept in a central location and can be shared with all involved as long as consent has been given. This way if yo u have a primary doctor then you have to see a specialist all the information will be in the system and you will not have to have double work done. Because each provider can see what the other one is doing or did do. There are a variety of scenarios that exist. Most HIPAA violations are common and avoidable; they include some of the following characteristics, unencrypted data, employee error, data stored on devices lost or stolen, business associates, and a lapse in notification. The vast majority of data breaches are due to stolen or lost data that was unencrypted. A common theme includes the data archiving method of using backup tapes to store patient health records. Employee error involves a number of things, an employee leaving unencrypted backup tapes in their vehicles while parked off premises, mistakenly sending information to the wrong person, and disclosing sensitive information on social media networks that could be personally identifiable. Almost half of all data breaches can be attributed to theft. When portable devices are not properly secured with passwords or other security methods, the risk of a breach increases considerably. Sixty-two percent of data breaches involve a business a ssociate. Sharing medical information with a business associate is in complete breach with HIPAA. Another mistake made in many HIPAA violation cases is the date of notification to HHS (Health The penalties and fines for a HIPAA violation range from monetary to potential imprisonment for criminal offenses. They are listed below in the following table: VIOLATION TYPEMINIMUM PENALTYMAXIMUM PENALTY Individual did not know they violated HIPAA$100/violation; annual max of $25,000/repeat violations$50,000/violation; annual max of $1.5 million Reasonable cause and not willful neglect$1,000/violation; annual max of $100,000/repeat violations$50,000/violation; annual max of $1.5 million Willful neglect but corrected within time$10,000/violation; annual max of $250,000/repeat violations$50,000/violation; annual max of