Health Care Law, Privacy and Confidentiality
Imagine studying the Health Information Portability Accountability Act (HIPAA) from the perspective of a consumer. How are various agencies accountable to this law? What are the rights of the individual? Are businesses obligated to it? One will discuss the various avenues in which health care privacy needs to be addressed, along with its benefits and setbacks.
A variety of businesses are required to obey HIPAA. These include "health plans, most healthcare providers and healthcare clearinghouses" (U.S. Department of Health and Human Services, 2011). The insurance plans are those that are set forth by places such as Coventry or Blue Cross and Blue Shield (U.S. Department of Health and Human Services, 2011). Some of them are covered by the government, which include "Medicare and Medicaid" (U.S. Department of Health and Human Services, 2011). Furthermore, providers are doctors as well as any kind of clinic or hospital that is available at one's location. This also refers to nursing homes. Clearinghouses are where the health information is outsourced, such as Outcomes Health Information Solutions. These particular businesses conduct audits in order to make sure that medical places are in compliance with HIPAA law (U.S. Department of Health and Human Services, 2011). Certain organizations are not required to obey HIPAA.
In regards to a health insurer, one "does not become a business associate simply by providing health insurance or health coverage to a group health plan" (U.S. Department of Health and Human Services, 2011). The relationship occurs through "the Privacy Rule as an organized health care arrangement (OHCA)" with those that they serve on a regular basis (U.S. Department of Health and Human Services, 2011). As a result, they are allowed to share PHI jointly with the OHCA. In some cases, they are considered a business associate if one is not directly related to the health care itself (U.S. Department of Health and Human Services, 2011).
HIPAA is not applicable to all organizations. This includes those that are "life insurers, employers, workers compensation carriers, many schools and school districts, many state agencies, many law enforcement agencies and municipal offices" (U.S. Department of Health and Human Services, 2011). None of these businesses has to be concerned about these particular legal issues pertaining to HIPAA. One needs to note in what ways the data is protected for the consumer in order to protect the person from experiencing any kind of possible breach.
Who Must Follow These Laws
The protected information is important, so that a person is at ease with others knowing it in the medical field. This includes anything that the "doctors, nurses, and other health care providers put in the medical record" (U.S. Department of Health and Human Services, 2011). It also includes any kind of conversation that takes place about the individual (U.S. Department of Health and Human Services, 2011). It further includes one's own billing data and other "health information" that an individual may encounter about the patient (U.S. Department of Health and Human Services, 2011). These are crucial, especially in how the record is shielded.
HIPAA has measures in place for how the information is protected. Medical businesses have to use safeguards. Each of them is required to have limits as well as disclosures. This includes having contractors with the data, and an organization is to have procedures on who can and cannot view it (U.S. Department of Health and Human Services, 2011). All of these are important because a variety of people go into a medical firm on a regular basis for certain services; however, if nothing is in place, then one can do everything possible and choose to exploit it to their advantage. A person does have rights with their health documentation.
The covered entities inform the patient of their rights each time they are visiting a new doctor or about to have an operation. Each individual can ask if they can have a copy of their medical record. He or she can correct anything on it. Notices are sent out to let him or her know that their information could get shared. The person is allowed to make a decision on whether or not to give permission before it is shared. Furthermore, he or she can request a report (U.S. Department of Health and Human Services, 2011). The patient can also complain to the provider and the insurer as well as "the U.S. Government" (U.S. Department of Health and Human Services, 2011). Privacy rules are in place on who can look at the facts due to the limitations that are in place (U.S. Department of Health and Human Services, 2011).
Specific people are allowed to look at the health figures. These include anyone involved during the treatment or the coordination of the care, as well as anyone who needs to be paid for the service provided to the patient. The person's family members or friends who have a part in their loved one's health can take on an active role. This allows for safety when care is done as well as to protect those in public. Additionally, medical personnel could make a report out with the police. Regardless, a person cannot do anything without it getting done in writing from the patient himself or herself. For example, this applies to those who do some level of marketing as well as those who share private notes containing one's health information (U.S. Department of Health and Human Services, 2011).
Who Is Not Required to Follow These Laws
What Information Is Protected
One needs to define a business associate. This is an individual who "performs certain functions or activities on behalf of, or provides certain services, to a covered entity that involve the disclosure of individually identifiable health information" (U.S. Department of Health and Human Services OCR, 2011). Their functions can range from data analysis to those that include financial services. Those that do not deal with health information do have to be concerned about disclosing it to anyone (U.S. Department of Health and Human Services OCR, 2011).
A contract occurs with the business entity. For example, protections are set forth by means of having a written agreement; however, other places may choose to do this in a different manner. Through this, specific safeguards are enacted with the protected health information (PHI). The business also does not have to allow the information to get disclosed. However, some covered units already had a contract with the business associate before 2002; consequently, these were not renewed in 2004, despite the modification in 2003 (U.S. Department of Health and Human Services OCR, 2011). This can make one become afraid because of knowing that employers could get access to this information if they have a contract with a medical facility, and the patient can decide whether or not this is the case with their PHI.
One has to note that with "the privacy rule, a covered entity such as a doctor can contact a patient using a Telecommunications Relay Service (TRS), without the need for a business associate contract with the TRS" (U.S. Department of Health and Human Services, 2011). This is allowed due to the fact that a contract is not needed with a business associate (U.S. Department of Health and Human Services, 2011).
Using the TRS allows someone who has speech and hearing impairments to communicate through the means of "using a communications assistant (CA) who transliterates conversations" (U.S. Department of Health and Human Services, 2011). Through this, PHI is conveyed through TTY (text and telephone), and voice is used to communicate (U.S. Department of Health and Human Services, 2011). Everyone has to comply in accordance with "the Federal Communications Commission" (U.S. Department of Health and Human Services, 2011). No contract is needed in order to provide it at no cost, and the TRS is not considered a business associate. As a result, one can use this as a means of sharing PHI on the telephone, which gives one an opportunity to disclose the needed information (U.S. Department of Health and Human Services, 2011). This protects the health care provider and the patient when information is disclosed in this manner. An individual needs to understand the rule of the patient that is used for safety.
How Is This Information Protected
What Rights Does the Privacy Rule Give Me Over My Health Information
One needs to define "the patient safety rule," that was set forth on November 21, 2008 but did not take effect until 2009. This is done as a means of the PSQIA. The OCR can interpret as well as implement the protections of confidentiality and enforcement (U.S. Department of Health and Human Services, 2011). Furthermore, AHRQ can choose to "list and delist" the organizations that wish to not comply with HIPAA regulations (U.S. Department of Health and Human Services, 2011). With subpart A, the terms are defined and this also includes PSO. However, subpart B demonstrates what requirements are needed as a means for the PSOs (U.S. Department of Health and Human Services, 2011). "These entities offer their expert advice in analyzing the patient safety events and other information they collect or develop to provide feedback and recommendations to providers" (U.S. Department of Health and Human Services, 2011). Furthermore, subpart C explains the privileges and the protections of confidentiality that are attached to the patient's record along with many exceptions (U.S. Department of Health and Human Services, 2011).
The penalty for anyone who breaks confidentiality is imperative. On "November, 23, 2009" it was increased to $11,000 (U.S. Department of Health and Human Services, 2011). This goes for anyone who is in the medical field or has access to this information. A person has to follow HIPAA precisely or face a huge fine. If one thought of this ahead of time, whether or not they own a business, then no issues would arise legally. However, sometimes this does occur, especially for those who want to harm another person, yet in the medical field the goal is not to do this to any individual; otherwise he or she could face losing their license in the process. This is a downfall to HIPAA because not everyone can pay this much and more that goes with the consequences of breaking the law. Ultimately, the choice is up to the individual and hopefully it is the right one.
One needs to understand the education setting in regards to health records. When anyone is "acting on behalf of a school subject to FERPA," this includes a school nurse (U.S. Department of Health and Human Services, 2011). If they have actual medical records that are in that environment, then HIPAA does apply to them. The entity is protected under this law. However, some places do provide services to students that are not under contract (U.S. Department of Health and Human Services, 2011). With these particular circumstances, one has to note that they are not under FERPA, whether or not they are "on school grounds" (U.S. Department of Health and Human Services, 2011). This is because they are acting on behalf of another organization. For any reason, a school that wanted to disclose any part of the records would have to comply with FERPA by obtaining the consent from the parents (U.S. Department of Health and Human Services, 2011).
In regards to HIPAA, "even where the student health records maintained by a health care provider are not education records protected by FERPA, the HIPAA Privacy Rule would apply to such records" (U.S. Department of Health and Human Services, 2011). This is the case if a transaction occurred electronically, though. An example is the billing of a specific plan from Blue Cross and Blue Shield for a service. In this particular scenario, the provider is covered under HIPAA (U.S. Department of Health and Human Services, 2011).
As one can note, education institutions are not exempt from HIPAA. In fact, they have to comply with it as if they were a medical clinic. Since every district has a school nurse, he or she has to comply, especially since a medical record is present within the firm itself. This is unavoidable due to the law and those that are providing services to parents' children year 'round. If a mother or father consents to anything, this has to get done in writing, so that no legal issues arise. This protects the close relative, business and nurse (U.S. Department of Health and Human Services, 2011).
One needs to discuss how the public authorities deal with PHI and HIPAA. The rule does apply to them in order to deal with any threat, such as an emergency or bioterrorism (U.S. Department of Health and Human Services, 2011). "To facilitate the communications that are essential to a quick and effective response to such events, the Privacy Rule permits covered entities to disclose needed information to public officials in a variety of ways" (U.S. Department of Health and Human Services, 2011). Furthermore, covered entities are allowed to give out the PHI without a person's knowledge or authorization to someone who works for the public. This is usually if an emergency arises that requires law enforcement of any kind (U.S. Department of Health and Human Services, 2011).
A state agency is important. When it is not a covered location, then it is not required to comply with HIPAA; however, if anything is disclosed about a public health record, then they are subject to it. However, an agency that is covered by HIPAA does have to comply with the disclosure of PHI (U.S. Department of Health and Human Services, 2011). With the privacy law in mind, one has to adhere to "the privacy rule" (U.S. Department of Health and Human Services, 2011). For example, an exemption can occur when there is a "freedom of information law" (U.S. Department of Health and Human Services, 2011).
Now it is crucial to discuss the role of law enforcement in regards to HIPAA. "The Privacy Rule is balanced to protect an individual's privacy while allowing important law enforcement functions to continue" (U.S. Department of Health and Human Services, 2011). Conditions are worth mentioning with those involved in this particular area of public service. When it comes to a warrant that is issued by a judge, the rule does recognize the legality of it and does provide protection of a person's PHI. In regards to the administrative aspect, a subpoena is needed or for law enforcement to have something in writing. This is because when a request is done, one can do so without the involvement of a judge. For police to locate or identify a person, PHI can get used in this particular case (U.S. Department of Health and Human Services, 2011).
Some more information can get reported to those in law enforcement. One can note that this is with a suspect in regards to a crime that was told by the victim. This is covered by the workforce. For anyone who has confessed a crime, HIPAA applies as well, especially if he or she undergoes counseling. If the victim agrees to have PHI disclosed with a request provided to him or her, then this is not used against the individual but is used with professional judgment (U.S. Department of Health and Human Services, 2011).
The rule applies to those that are victims of abuse of any kind. Law enforcement is not required to use a report as a means for PHI. However, with abuse or neglect, one has to consent, and the law requires one to get information. Professional judgment is a requisite and a notice is possibly needed. PHI may need to get to those enforcing the law. For example, this could include someone who endured a gunshot wound. At this time, PHI has to get disclosed in order to get proper care to the individual (U.S. Department of Health and Human Services, 2011).
The same applies for someone who has died or the suspicion of it from a criminal (U.S. Department of Health and Human Services, 2011). Medical examiners are to comply so that they can "determine the cause of death, or carry out their authorized duties" (U.S. Department of Health and Human Services, 2011). All of this is done in good faith if something occurred where a person lives for the purpose of PHI. If there is a medical emergency, then one may have to alert those in law enforcement. This is because one has to report the crime with all the necessary details. Regardless, those who enforce the law can do so to prevent crime as well as assist with health matters. One has to note that this is true for federal officials as well when using PHI for health care to get provided to those who need it (U.S. Department of Health and Human Services, 2011). All of them are supposed to use what information is needed for law enforcement purposes. If the entity has the data needed, then those in authority can request the PHI (U.S. Department of Health and Human Services, 2011).
With housing and employment purposes, no one is to endure discrimination in any way in achieving their dreams. HIPAA does not apply to these entities; instead, "the Equal Opportunity Commission does when it comes to hiring a person to work for a particular business" (U.S. Department of Health and Human Services, 2011). Regardless, an individual is not to discriminate no matter how many employees work for him or her as well as with their background (U.S. Department of Health and Human Services, 2011). Furthermore, "the U.S. Department of Justice" is important when it comes to anyone wanting to have a home or is stereotyped unjustly (U.S. Department of Health and Human Services, 2011).
The "Social Security Administration" is another business that handles these matters (U.S. Department of Health and Human Services, 2011). They are allowed to make sure that compliance is occurring in conjunction with OCR. This includes technical assistance on ways in which to volunteer PHI with the law. Through this, outreach is done on a nationwide basis in order to reinforce it (U.S. Department of Health and Human Services, 2011).
What one needs to keep in mind is that if one is unsure about the law, he or she can contact HIPAA at any time if they have any questions. Law enforcement, medical personnel and education institutions all are to comply with it. The goal is to not face an $11,000 fine, and to avoid the legal issues that could arise by not complying with what is available (U.S. Department of Health and Human Services, 2011). Whatever the case, one has to take it seriously. One now has to understand how a lawyer fits into the scenario as well.
The pros and cons are worth noting in regards to all these topical areas. In regards to the benefits, one has to note this first and foremost. A person has the right to complain if he or she knows that their information is stolen or breached from an entity or a person. This gives an individual empowerment knowing that they own it and are able to deal with it according to the law. Through this, one can make a difference knowing that they have their health records confidential (U.S. Department of Health and Human Services OCR, 2011).
One feels safe knowing that their medical information is with those that are safe. This includes doctors, nurses and so forth. A person understands that if they do complain at any time, OCR will go to that particular part of the nation in order to find out whether or not compliance is taking place (U.S. Department of Health and Human Services OCR, 2011). Regardless, an individual can give out their personal information, and these hospitals and clinics can hold on to it for years. In fact, they can outsource the compliance aspect of it to other businesses, such as Outcomes Health Information Solutions.
Many medical records that are handwritten are starting to become electronic. A patient will have to sign either electronically or on paper in order for one to use their information for research or compliance purposes. Some individuals may not like the fact that this is becoming a growing phenomenon. However, one cannot avoid that the information age is here. Computers and phones have Internet access, and if protections are not in place with medical records, people could easily get their identity stolen because of the PHI provided to doctors' offices and any medical facility that is available. Eventually, he or she will have to accept the fact that this is occurring without resistance. HIPAA is making sure that businesses comply in order to protect everyone as much as possible. Now it is the time to discuss the setbacks to HIPAA because one can only do so much as a person and as a company.
The downfalls are as follows. Since technology is ever growing and becoming more complicated on a regular basis, one has to consider all the necessary means of protecting a patient's PHI without having someone access it. Many locations are using software to do so; however, not all of them are this current. In fact, a variety are under HIPAA but do not have the means of transferring patient information to electronic format. Once it is available on one's computer at the clinic or doctor's office, he or she has good reasons to have some level of fear. This is something that was mentioned by HHS because of TTYS that is available as well to convey information for the hearing impaired (U.S. Department of Health and Human Services, 2011).
Choices are what can help or hinder HIPAA. For example, a person may choose to disclose information, but risk having to pay at least $11,000 plus court and lawyer costs (U.S. Department of Health and Human Services Civil Rights, 2011). Is this worth it to take advantage of someone else's data in that manner? One has to note that this is not an easy task to face the consequences; however, facilities are delisted for failure to comply because of it (U.S. Department of Health and Human Services, 2011). This can easily ruin a medical business as well as anyone who took part in the efforts in disclosing a person's address, phone number, social security number, date of birth and so forth (U.S. Department of Health and Human Services, 2011). These are indicators of what identifies oneself and could ruin someone for life. He or she may no longer have a bank account because everything is wiped out. Eventually, one can recover all their funds by going to the authorities, which is why it is crucial that this does not occur in the first place no matter how he or she obtained the necessary information. One needs to reiterate the various forms in which HIPAA does apply to an organization and the expectations involved from the United States government.
The businesses that are required to comply include those that are "health plans, most healthcare providers and healthcare clearinghouses" (U.S. Department of Health and Human Services, 2011). For example, United Healthcare is an insurance company that has insurance plans for the consumer to purchase on a monthly basis. The government covers Medicare as well as Medicaid, but these are usually for those that are older adults and usually elderly or in long-term health conditions that could bring about one's demise. A provider consists of a doctor, but can consist of any clinical setting. Nursing homes are those that have to comply as well. A clearinghouse consists of those where the information was outsourced to. One business that does this is Outcomes Health Information Solutions. These are the types of firms that conduct audits to make sure that compliance with HIPAA is occurring (U.S. Department of Health and Human Services, 2011).
A business associate consists of someone who does not have to comply with HIPAA. They are those that provide services but are not held liable to the law. This is because the privacy law does not apply. Through this endeavor, they are allowed to help with other organizations, and if they choose to do so with those that are medically based, then they are liable to it; consequently, PHI is shared and they are supposed to comply with HIPAA at this particular time (U.S. Department of Health and Human Services, 2011).
The locations that do not have to comply are as follows. These are "life insurers, employers, workers compensation carriers, many schools and school districts, many state agencies, many law enforcement agencies and municipal offices" (U.S. Department of Health and Human Services, 2011). The education businesses are important as well in this matter because they are those places that help make men and women successful of all ages.
Those that educate others are important. However, they are not exempt from HIPAA. They have to comply if they are medically related. For example, a child goes to the school nurse if he or she is sick. The medical professional also checks for lice as well as gives out influenza shots every year. These are ways in which one has to use HIPAA. For children, the parents have to consent to these acts to keep them current with immunizations and school policy. Every district has someone who has a medical degree and license to practice, so they have no choice but to comply with the law. One cannot avoid it because people do get sick. Regardless, everything has to get done in writing because this helps prevent any legal issues that could arise. In the long run, everyone is protected, including those who practice medicine daily (U.S. Department of Health and Human Services, 2011).