This study analyzes breach notification in healthcare. It discusses various breaches that have occurred across the United States and the European Union. It then discusses certain regulations that governments across the world have passed to ensure that the privacy of patients is not violated. Finally, it discusses how health workers can ensure that these laws are not violated.
Breach Notification
The confidentiality of the medical and personal information of every patient or other individual is a serious issue in the health sector. Governments such as the United States and the European Union have put into operation data breach notification rules that cover the health care fraternity. Breach notification can therefore be defined as the rules and regulations that protect against or control unlawful access to the data of an individual (Jim Tiller, 2011).
A data breach normally occurs when there is a loss or theft of, or unauthorized access to, data containing sensitive private information, which might result in a compromise of the confidentiality or integrity of the data. Therefore, the United States (U.S.) and the European Union (EU) enacted laws to regulate the breach of personal data of patients (Gina Stevens, 2012). For example, in the United States, the "HITECH Act, Pub L. 111-5 Title XIII," was the first federal health breach notification law to be initiated to protect personal data. In Europe, the governments enacted European Union Privacy Directive 2009/136/EC, which called for tougher privacy protection for data held by electronic communication providers (Gina Stevens, 2012).
However, in the last decade several cases of healthcare breach have been reported, with a number of them ending up before a court of law. According to Howard Anderson (2009), writing on the healthcare breach tally, in September 2009 approximately four hundred and nine cases were reported, which affected 19.2 million individuals across the United States (Howard Anderson, 2009). The number of cases is scaling up yearly: in early January 2011 alone, more than one hundred and forty-five breaches were reported, and the trend continues to scale up. Therefore, the right laws and strict measures are needed to ensure that the law is adhered to in a way that safeguards the confidentiality of personal data (Howard Anderson, 2009).
Moreover, a breach notification is categorized as major or minor depending on the magnitude of the effects the breach causes. These breaches are caused by hacking (some involve "Tricare"), carelessness in handling healthcare information, and breach of the ethical code that states the confidentiality of personal data stored by healthcare facilities across the country. Again, some data breaches are caused by employees, when he/she reveals the content of a patient's data in the hospital. Therefore, the HIPAA Privacy Rule has been enacted to restore confidence in the health care sector (Jim Tiller, 2011).
HIPAA Rule
The HIPAA rule was enacted by the government to regulate how health professionals handle information regarding the privacy of patients. The rule was brought in so that victims can report any abuse, neglect or domestic violence to the relevant authority while that kind of information still remains entrusted to them. It also creates a protocol by which patients can report any abuse of privacy by healthcare professionals.
Furthermore, since September 23, 2009, when the Breach Notification became effective, it has been difficult to access the data of any patient or any individual without his/her consent. Even the authorities are required to seek authorized acquisition, access, use or disclosure of such information from a court of law. This is to emphasize that a "breach," being the acquisition, access, use or disclosure of protected health information in a manner that is not permitted under the HIPAA privacy rules and that also compromises the security or privacy of the protected health information, is seriously prohibited.
Again, the HIPAA rule requires that an authorization contain certain elements, and statements of such data of any patient should be signed and countersigned by his/her lawyer. An incomplete authorization is therefore not sufficient and must be rejected. An example is the second breach reported for Health Net of California, when a health worker reported that the data of patients could not be located and was missing from the server.
This affected 1.9M plan beneficiaries. It was, however, reported that a hospital employee stole and sold patient information for personal profit, in violation of patients' privileges and rights. Criminal penalties for such an act could be as much as $1.5 million and/or 10 years in jail. The tally of major healthcare information breaches has been growing relatively slowly over the past two months. It now includes 409 incidents affecting almost 19.2 million individuals since September 2009.