Question

What are the laws that address healthcare breaches?

Answer 1

Privacy is the right to be left alone and to be free of unreasonable personal intrusions. Although in this regard, rules have been followed fairly closely in past court decisions in many countries, the subject matter of concern these days is the personal information data stored with the private data brokers who have no particular bar on the days of storage. The data can be assumed to be possessed with these brokers for an infinite period of time. These data brokers may agree that the right of privacy is not absolutes. Privacy must be balanced against the needs of society. However, the question arises is who shall explain the ‘necessary needs’ definition. One is ought to respect the Government bodies for the privacy information that they possess of the citizens. The Privacy Act prohibits the US government from storing many types of data about its citizens.

After undertaking a research of HIPAA, 1996, it is concluded that:

One of the most critical issues pertaining to the Patient’s rights is the right that revolves around Privacy, especially with regards to the ‘Privacy bills of rights. The evolution of technology has made it now feasible to misrepresent the medical facts of the case for millions of patients stored into the electronic records quite spontaneously.

The laws dealing with the Patient’s privacy rights, are itself so complex and conflicting in nature that the patients now lack any trust about their medical information being safe in the hands of the ones who are supposed to handle the same.

The legislative laws are not very competent to protect the patient’s privacy in terms that the Consumer Privacy Bill of Rights would eliminate the patients to the extent their health information is covered by HIPAA, whereas if offers more privacy rights to the health information not covered by HIPAA since HIPPA does not follow ‘best practices’ standards for privacy protection of the patients.

Another major challenge is patient’s concealing nature of health information that itself misleads the Healthcare providers to properly treat the patients. However, it should be noted that the concealing mainly happens because the patients lack trust in the Healthcare department that their health information would be in secured hands. The Patients’ records are controlled itself pose as a big threat to the Patient’s rights since the electronic information so stored is exposed for accessibility.

Therefore in terms of System Security Evaluation, an HR teammate has poor ethics, they could potential sell and/or compromise employees’ sensitive information by sharing it with other people. To prevent this, the Hospitals and the other Companies could undertake certain elements of a compliance auditing and monitoring work plan which could be as under:

1. Security: This should involve review of various administrative procedures to ensure the data were secured as per the procedures. There should also be a review of physical safeguards of safety of Computers or other important equipments, various other systems in place, etc Further, technical security services and mechanisms should also be evaluated. Also, in cases where electronic signatures are used, there should be an examination of the provisions governing the same.
2. Business associates: Addressing to the issues pertaining to any non-compliance of business associates agreement and maintaining the current list of associates to ensure there are no malpractices occurring in the Organization on the basis of the transactions entered on the names of the past associates.
3. Privacy: The audit should cover the areas that are specified for Privacy under HIPAA compliance (in case of an Organization pertaining to healthcare) especially with respect to the Administrative requirements such as appointment of privacy official to supersede the matter pertaining to the privacy of the Organization, appropriate disclosure of member information, etc.

Also, with regards to the privacy, the information manager of the Company may encourage ethical conduct in the policies and services in the following ways:

• The professionals or employees undertaking any task should be clearly defined what is expected out of him in his duty to serve the customers and to the community at large. This would help to make them accountable in case of any deviation from the set targets and expectations.
• Both the ethical and legal consequences of such liability should be explained well to such these professionals and employees. Awareness helps them be more cautious towards their activities. Deliberate liability would be taken actions upon thus more sternly.
• However, often there are cases where liability on one particular team or on one employee could not be ascertained. In such a case, more care should be taken in giving the accused the chance to prove their stance.

To tackle with the breach of privacy issues under HIPAA, it could be prevented with stringent supervision over the exploitation of IT in healthcare services in terms of maintaining the health records may help to curb this problem to some extent. Also, it is to be noted that the patients also have the rights to avail austere quality care measures. Hence we could have emphasized more upon the quality aspect of our Institution for the reason with the technological advancement; there has been an urgent need for the Healthcare Organizations to align its activities with technology so as to achieve the desired results more efficiently. Therefore, with adoption of new methods in the field of technology, along with efficiency, there would be a reduction on the overall costs of the Organization too as well as quality would ensure the safety within the Organization such that the patients can rest assured that the there would not be any information breaches.