Health Insurance Portability and Accountability Act Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

High Insurance Portability

Health Insurance Portability & Accountability Act

Some hope was given for the current legal environment to become better defined for health-care providers when Health Insurance Portability & Accountability Act (HIPAA) was passed by the in 1996. As previously mentioned, HIPAA is a monumental act that attempts to address and incorporate all three issues-- privacy, confidentiality, and security within one law. When HIPAA was passed, many applauded the portability aspects of HIPAA that allowed for continuing healthcare coverage for individuals who lost their jobs and attendant healthcare insurance. But few back in 1996 anticipated the dramatic impact that HIPAA would have later on the privacy and security of patient's health information in the United States.

HIPAA Legislation History

HIPAA legislation was passed in the year 1996. Title I of the regulation dealt with the health insurance coverage of the public and their immediate family when they lost their jobs. Title II of HIPAA concerned "administrative simplification" that necessitated Congress in future years to establish standards and rules for the transmission of health information electronically and the privacy and security of that information before 1999 (HIPAA, 1996). Within the HIPAA legislation itself, Congress imposed a deadline on itself to provide for health privacy and security under the administrative simplification aspects of HIPAA. But because Congress did not act in this regard in a timely manner, HIPAA had a fallback whereby its authority to create such rules would eventually expire and transfer to the United States Department of Health and Human Services (HHS). In 1999, HHS was suddenly charged through HIPAA with creating broad federal rules to protect health information privacy and security. Therefore, on December 28, 2000, HHS issued proposed rules for the privacy of healthcare in America, referred to as the HIPAA Privacy Rules.

The new proposed HIPAA Privacy Rules were initially met with heated resistance from the healthcare provider community, with the American Hospital Association claiming that the HIPAA Privacy Rules would be burdensome and would increase cost and paperwork in the form of consents and other types of authorizations and compliance that the proposed Privacy Rules envisioned (HIPAA, 1996). Not to be outdone, the American Association of Physicians and Surgeons filed a federal lawsuit in Houston, Texas, to block the implementation of the Privacy Rules for the same reasons, indicating that it would cause much undue hardship on physicians and physician practices, and impose greater costs with no real benefits. Eventually, after significant revision to the proposed Privacy Rules, the lawsuits and lobbying efforts stopped, and focus turned toward reluctant compliance with the new HIPAA Privacy Rules. Compromises were made with HHS and revisions were made to the Privacy Rules, and a new compliance date was set for April 14, 2003. The Security Rules went into effect on April 21, 2005 (Erikson, Miller, 2005)

HIPAA

HIPAA has changed the way information regarding the patient documented, reserved, stored, and shared between the healthcare professionals (HIPAA, 1996). This regulation has also modified the way people are insured and compensated. HIPPA legislation was intended to provide the following:

• restrict fraud and abuse in health care

• implement set rules and standards regarding health information, • promise the security and privacy of health information, • guarantee health care insurance for people.

Enforcement

HHS designated the Office for Civil Rights (OCR) as the enforcer of the HIPAA Privacy Rules, and OCR quickly indicated that it would emphasize assisting providers to move toward voluntary compliance with the Privacy Rules instead of imposing penalties for violations initially. Within one year of the enactment, there were over 4755 complaints filed with OCR for privacy violations. A year later, over 10,785 complaints were filed. It was noted by HHS that majority of the complaints were related to impermissible use of patient health information.

Other than certain high-profile cases, HIPAA privacy enforcement was relatively low-key over the first six years of the HIPAA Privacy Rules (Buckovich, 2000).

Eventually, as time has gone by, most healthcare providers in the United States have fully embraced the HIPAA Privacy and Security Rules, and generally HIPAA has been touted as a key law for the protection of patients everywhere. The initial reluctance to comply with HIPAA Privacy and Security Rules has now been replaced with a desire to become fully HIPAA- compliant, even as a public relations tool to foster goodwill with patients across the United States. As new healthcare providers enter the workforce, many HIPAA compliance programs have gathered dust or are not adhered to as strongly as before, especially in light of the relatively mild enforcement to date of the HIPAA Privacy and Security Rules (Wills, 2002).

However, that seems to be changing with the Obama Administration, and more and more providers are becoming aware that HIPAA privacy and security compliance is more important than ever, especially in light of the changes forthcoming through the HITECH Act and the proliferation of electronic health records (EHRs).

Steps Needed To Be Taken To Implement HIPAA Effectively

HIPAA signifies at least a first step toward protecting the privacy, confidentiality, and security of health information. However, only time will tell how well the law's intent will be met. DHHS' proposed security rules have already resulted in negative reactions from many provider organizations. Many provider and health-plan associations have vigorously opposed the proposed rules because of fears that the regulations will actually increase administrative burdens and costs. Congress has not yet enacted privacy legislation although it considered a few bills introduced in early 1999. It became obvious during the 1999 Congressional discussions of medical privacy that many controversial issues must be resolved if Congress is to pass national privacy legislation. Some of the major issues that have to be resolved include: (Gostin, 2000).

• Balancing privacy rights with those who need access to information

• Defining the categories of information that should be protected (e.g., "identifiable" versus all health information)

• Determining which entities or persons should have access to what kinds of information (e.g., employers, insurance companies, pharmacies, research institutions)

• Deciding what legal proceeding will be required for enforcement of laws regarding access to medical information (warrant or a less stringent legal procedure)

• Determining the extent of federal law preemption ("ceiling" preemption means federal law supersedes all state laws; "floor" preemption means states may pass more stringent laws)

• Defining when patient authorization is required for information disclosure for primary (medical care) and secondary (research, marketing, etc.) uses of information

• Determining enforcement mechanisms

Implementation of HIPAA and Current Status

During the initial stages of HIPAA Privacy Rule implementation, there was a considerable amount of confusion regarding what the HIPAA Privacy Rules provide and what they require given the length and breadth of the regulations themselves. But after some time the healthcare providers fine-tuned their HIPAA programs. However, recently -- and it seems to happen in waves -- new or unsophisticated healthcare providers have been falling into the many traps of "HIPAA-mania," only to find themselves being noncompliant with the true requirements of the HIPAA Privacy Rules (Rosati, 2002). HIPAA provides a benchmark to protect patient information for nurses.

Industry Lessons Learned

According to healthcare related professionals the HIPAA Privacy and Security Rules suffer from several significant flaws and thus a number of lessons have been learned from the implementation of HIPAA: (Buckovich, 2000)

First, the rules cover only health plans, physicians, and health care providers who transfer electronic PHI for reimbursement or benefits purposes. Consequently, employers, marketers, operators of websites who provide medical advice or sell medicine who have EHI are exempted from the HIPAA law. Even physicians who require cash payments from patients upon provision of care and therefore do not bill any party or interact with insurers fall outside the jurisdiction of the rules. This narrow scope of coverage is creating problems because these parties contain health information and are not held accountable for using it in any way they want.

Second, the HIPAA Privacy Rule limits the information patients can gain about their EHI. It allows patients to review and get duplicates of their medical records from protected bodies as well as to request revisions of incorrect information. However, the rule does not enable data subjects to verify the origins of information or to inquire about the purposes for which it is maintained. As more and more parties process and utilize EHI for their own business objectives, there are growing dangers of hacking, theft, the development of illicit health information markets, and other forms of malfeasance (Buckovich, 2000). Thus patients might increasingly find that unexpected people or organizations possess their EHI and become increasingly concerned that the data will be used in harmful and inappropriate ways. Without an ability to submit inquiries to covered entities concerning the origins and use of their medical data, health care consumers have little power to track their EHI and try to prevent its exploitation.

Finally, the HIPAA Privacy Rule has been criticized for providing ineffectual privacy protections because it fails to adequately limit disclosures and empower data subjects. For…[continue]

Cite This Term Paper:

"Health Insurance Portability And Accountability Act" (2012, July 21) Retrieved December 4, 2016, from http://www.paperdue.com/essay/health-insurance-portability-and-accountability-110068

"Health Insurance Portability And Accountability Act" 21 July 2012. Web.4 December. 2016. <http://www.paperdue.com/essay/health-insurance-portability-and-accountability-110068>

"Health Insurance Portability And Accountability Act", 21 July 2012, Accessed.4 December. 2016, http://www.paperdue.com/essay/health-insurance-portability-and-accountability-110068

Other Documents Pertaining To This Topic

  • Health Insurance Portability and Accountability Act HIPAA

    Health Insurance Portability and Accountability Act (HIPAA) Discuss whether there has been a violation of Health Insurance Portability and Accountability Act (HIPAA)? There are no court rulings that can shed light on the issue. However going by the given facts, it is as follows: "Dr. Williams shows Joan's medical records to a friend for advice. His friend tells Dr. Williams to contact his medical malpractice insurance carrier." The problem here is if

  • Health Insurance Portability and Accountability Act HIPAA

    Health Information Portability Accounting Act (HIPAA, went into effect the first quarter of 2003. Indeed, HIPAA creates federally mandated requirements regarding protected health information (PHI) that can impact any employer, regardless of its size, location or industry. Government estimates place the price tag for compliance within the public and private sectors at an estimated $22 billion. While the Privacy Rules were not aimed at regulating non-medical employers, employers who sponsor

  • Health Insurance Portability and Accountability Act HIPAA

    Health Insurance Portability and Accountability Act (HIPAA) of 1996 provided for the better management of health information as well as increased health coverage for target entities. Of particular emphasis the law has is the privacy and security of health information. Prior to the implementation of HIPAA, there was an ad hoc management of health information and health coverage is very limited. Often disparate policies and standards are used from

  • HIPAA the Health Insurance Portability and Accountability Act of...

    HIPAA (the Health Insurance Portability and Accountability Act of 1996) and Recent Changes On August 21, 1996 a new law was signed called the Health Insurance Portability and Accounting Act of 1996, which is abbreviated as HIPPA (HEP-C, 2003 & Regence, 2003). The law guarantees many things to American workers, including continuous healthcare coverage for people who are changing jobs (DC, 2003). HIPPA also includes a provision that details the manner

  • Health Insurance Portability and Accountability

    d.) the variations HIPAA necessitates would be sufficient and the changes would be accompanied by remarkable uneasiness in several respects. Functioning in the type of high-security setting visualized by the proposed HIPAA security regulations would imply functioning under regular surveillance and with concentration to making medical record information as being secure. Whether in relation to paper or electronic form, information relating to medical record could not be any longer

  • Health Insurance Portability and Accountability

    The dilemma is often easier to resolve once those emotions and assumptions are put into their rightful context. For this paper, critical thinking came into play was logic. It is understood that initially the nursing profession had issues with HIPAA. These issues were practical, however, and when the law was matched up against the underlying principles and the Code of Ethics, it became apparent that the guidelines that can be

  • Cobra Health Insurance Health Insurance How Cobra

    COBRA Health Insurance Health Insurance How COBRA Works Davis was terminated from his employment because of long absence from work and not because he voluntarily resigned or any gross negligence on his part. Therefore, he and his family are eligible for health insurance coverage under the Consolidated Omnibus Budget Reconciliation Act (COBRA) provided his company maintains its group health plan and still has 20 or more employees for which they currently have 100.


Read Full Term Paper
Copyright 2016 . All Rights Reserved