Question

Discuss the Health Insurance Portability and Accountability Act (HIPAA). Include the following:

1. Why was the law implemented.

2. What are the major aspects of HIPAA?

3. What are some examples of HIPAA violation?

Answer 1

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

The Health Insurance Portability and Accountability Act of 1996 as enacted by the 104th United States Congress and signed by President Bill Clinton in 1996. It was initially introduced as the Kennedy - Kassebaum Bill.

The law was implemented primarily to:

• Modernize the flow of healthcare information
• Stipulate how personally identifiable information maintained by the healthcare
• healthcare insurance industries should be protected from fraud and theft
• address limitations on healthcare insurance coverage.

The act was passed in 1996 with two objectives:

• One was to ensure that individuals would be able to maintain their health insurance between jobs. It is relatively straight forward and has been successfully implemented.
• The second part of the act is the Accountability portion. This section is designed to ensure the security and confidentiality of patient information or data. In addition, it mandates uniform standards for electronic data transmission of administrative and financial data relating to patient health information.

Major aspects of HIPAA

There are four key aspects of HIPAA that make it important for patients:

1. Privacy of health information.
2. Security of health data.
3. Notification of breaches of medical records.
4. The right to obtain copies of healthcare data.

1) Privacy of health information.

The HIPAA Privacy Rule restricts the the individuals ho are able to view and share healthcare data without obtaining permission from patients. Generally speaking, access to health data is restricted to healthcare employees who need to view health and personal information inorder to provide healthcare services and perform any administration duties.

2)Security of health data.

HIPAA requires healthcare organizations to implement safeguards to ensure any health data created, stored, maintained or transmitted is kept secure at all times.This will ensure that hackers and other cybercriminals cannot gain access to patients and plan members health information.

3)Notification of breaches of medical records.

HIPAA requires healthcare organisations and their business associatesto issue notifications to patients when healthdata is compromised or stolen. This allows breach victims to take action to protect their identities and reduce the risk of becoming a victim of fraud.

4) The right to obtain copies of healthcare data.

HIPAA gives patients the right to obtain copies of the health information created or held by healthcare organisations. By obtaining copies of health data, patients can take a much more active role in their own health.

HPAA Violations

According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013, it received 91,000 complaints of HIPAA violations, in which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice as criminal actions.

Various types of violations includes:

• Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
• HIPAA violation due to reasonable cause and not due to willful neglect
• HIPAA violation due to willful neglect but violation is corrected within the required time period
• HIPAA violation is due to willful neglect and is not corrected
• Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information
• Offenses committed under false pretenses
• Offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm.

Examples of significant breaches of protected information and other HIPAA violations include:

• The largest loss of data that affected 4.9 million people by Tricare Management of Virginia in 2011.
• The largest fines of $5.5 million levied against Memorial Healthcare Systems in 2017 for accessing confidential information of 115,143 patients and of $4.3 million levied against Cignet Health of Maryland in 2010 for ignoring patients' requests to obtain copies of their own records and repeated ignoring of federal officials' inquiries.
• The first criminal indictment was lodged in 2011 against a Virginia physician who shared information with a patient's employer "under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when in fact he knew that the patient was not such a threat."