Health Insurance Portability and Accountability Term Paper

Excerpt from Term Paper:

d.) the changes HIPAA necessitates would be sufficient, and they would be accompanied by considerable unease in several respects. Working in the kind of high-security setting envisioned by the proposed HIPAA security regulations would mean working under regular surveillance and with attention to keeping medical record information secure. Whether in paper or electronic form, medical record information could no longer be left unprotected where a casual observer, a thief or a snoop could reach it. ("History: HIPAA General Information. Health Insurance Portability and Accountability Act," n.d.)

The Health Insurance Portability and Accountability Act (HIPAA) appears to be one of the most challenging operational initiatives most radiologists will confront in their careers. The expectations of HIPAA are very large, and the consequences of failure to comply extend beyond the related financial penalties. Unlike the fraud and abuse compliance programs, which are considered voluntary, HIPAA is compulsory for groups using electronic data transmissions, with stringent deadlines and penalties for non-compliance. But HIPAA is often vague, basically because the rules were written for such a broad range of health care organizations, from insurance firms and the big health care systems in the country to small medical or dental practices. Achieving the required amount of cultural change is likely to be HIPAA's largest challenge, as about 200 new policies and practices are introduced and a new way of thinking about work is required. For practices that have not yet started working on their compliance plans, the weeks and months ahead will be tense and taxing on staff morale. Groups that have started working on their compliance plans have reported the frustration that goes with solving one problem only to find three more in the process. The introduction of the Privacy Standards continues to be particularly challenging, because they are the first introduction to the new world of HIPAA and they are complicated, not well suited to radiology operations, and difficult for staff to remember. (Kroken, 2002)

A significant element of HIPAA, the security standards, aims to safeguard health information in digital form, in contrast to the privacy standards, which apply to PHI in all forms: electronic, oral and written. The security standards adopt national standards for safeguards to protect the confidentiality, integrity and availability of digital PHI. The final standards were published on February 20, 2003. Security is designed to address safeguards and set minimum, uniform standards for digital concerns such as access authorization; data backup and storage; disaster recovery plans; encryption and decryption; facility security plans; emergency operations; record keeping; security reminders; password management; personnel security; termination procedures; and secure disposal. (Schoppmann;Sanders, 2004)

In this way, the duty physicians have to protect their patients from harm gives rise to the duty to protect patient confidentiality and information. The shift from paper- and film-based medical records to electronic ones brings additional challenges and responsibilities for healthcare providers. Radiologists share in this responsibility to protect patient privacy and the security of patient information, particularly in the acquisition, storage and delivery of medical images and associated reports. It is important for radiologists to carefully document their privacy and security policies and make this information known to their patients. The duty to protect patient confidentiality and to keep patient data secure from loss or corruption is an essential requirement for the provision of medical care by a radiologist. ("Practice Guideline for Electronic Medical Information Privacy and Security," 2004)

Compliance with the HIPAA security standards begins, then, with a survey and assessment of risk, using the standards and specifications of the security standards as the guide. Decision making needs to be informed by potential liabilities, consequences, practice size and resources, technical capacity and the cost of implementing the potential security measures. (Schoppmann;Sanders, 2004) To begin with, an accurate and current inventory of all systems that create, transmit, store or process patient information is essential. But only knowing what and where is not adequate. HIPAA compliance officers or their delegates are required to acquaint themselves with all aspects of the media used for storing medical records, including but definitely not limited to "(1) Internet Protocol -- IP address as well as Domain Name System -- DNS name; (2) Operating system, version, as well as vulnerabilities; (3) Needed processes as well as their vulnerabilities; (4) Any un-required services processed on the computer; (5) Auditing or accessing abilities of each system, which are required to incorporate what an individual has accessed and who was able to access a particular record; (6) All outside points of accessibility from the Internet like modems or edge routers; (7) Organizational levels that cater to a virtual private network -- VPN, and the security capacities of each; (8) Firewalls' location in the architecture and security level capacities of each; (9) If the interference recognition is applied and what its abilities are; (10) Wireless accessibility points and level of securities imposed; (11) Network policies and written system that are being enforced." ("Practice Guideline for Electronic Medical Information Privacy and Security," 2004)

Once finished, the inventory survey can be used to conduct the risk analysis. Performing this exercise helps the HIPAA compliance officer prioritize the departmental process. Two crucial things to keep in mind are the relative importance of the device and the sensitivity of the data on it. An important device like a Radiology Information System (RIS) needs a high degree of fault tolerance. A scanner, on the other hand, might have a large number of backup systems, so the fear of loss might not be so grave. In contrast, the lengths to which one must go to safeguard data should be related to the sensitivity of that data. A device that holds only patient names and examination accession numbers, for example a procedure worklist client, is not as critical if compromised as a Hospital Information System (HIS) or Electronic Medical Record (EMR) that includes all data on a patient. ("Practice Guideline for Electronic Medical Information Privacy and Security," 2004)

Devices holding high-value data need to be properly protected with regard to confidentiality, whereas those that are critical need to be highly fault tolerant. Once the inventory is identified and the liability is evaluated, an implementation plan comparing the present state of equipment with the desired final state is essential. The difference between what is presently in place and what is required is termed the 'gap'. The gap analysis drives the implementation plan and the financial budget. To illustrate, a present teleradiology system might transmit images unencrypted over the Internet. HIPAA rules require a system that can identify users, audit their activities, and protect the exams from view by unauthorized third parties. Hence a simple list to address this gap and create a budget would be: (1) an upgrade to the current level of the operating system; (2) a teleradiology system that provides user auditing; (3) hardware- or software-based public key encryption. The other sub-sections use the present HIPAA rules to arrive at recommended policies and procedures for compliance, thereby indicating the ultimate objective for the gap analysis. ("Practice Guideline for Electronic Medical Information Privacy and Security," 2004)
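The inventory, risk ranking and gap analysis described above can be sketched in code. The following is an added example, not taken from the cited guideline or from HIPAA itself; the control names, the 1-3 rating scales, the scoring rule and the sample inventory are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Illustrative control names and thresholds (assumptions, not HIPAA text).
BASELINE = {"user_identification", "audit_logging"}   # any system holding PHI
INTERNET = {"encryption_in_transit"}                  # PHI crossing the Internet
CRITICAL = {"redundancy", "tested_backup"}            # fault tolerance for key devices


@dataclass
class Asset:
    name: str
    criticality: int          # 1..3: relative importance of the device
    sensitivity: int          # 1..3: sensitivity of the data on it
    internet_facing: bool = False
    controls: set = field(default_factory=set)   # what is in place today


def required_controls(asset):
    """Desired end state for one asset under the illustrative policy."""
    required = set(BASELINE)
    if asset.internet_facing:
        required |= INTERNET
    if asset.criticality >= 3:
        required |= CRITICAL
    return required


def gap_report(inventory):
    """Return (name, missing controls, score) rows, largest gap first."""
    rows = []
    for asset in inventory:
        missing = sorted(required_controls(asset) - asset.controls)
        score = len(missing) * (asset.criticality + asset.sensitivity)
        rows.append((asset.name, missing, score))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample inventory, modelled on the devices the text mentions.
INVENTORY = [
    Asset("RIS", 3, 3, controls={"user_identification", "audit_logging", "tested_backup"}),
    Asset("teleradiology", 2, 3, internet_facing=True),
    Asset("worklist-client", 1, 1, controls={"user_identification"}),
]

if __name__ == "__main__":
    for name, missing, score in gap_report(INVENTORY):
        print(f"{score:>3}  {name:<16} missing: {', '.join(missing) or 'none'}")
```

The unencrypted, unaudited teleradiology system ranks first, which matches the budget list in the paragraph above; the missing-control list for each row is the 'gap' that feeds the implementation plan.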

Radiologists must therefore ensure compliance with the applicable provisions of the Health Insurance Portability and Accountability Act of 1996, which cover procedures dealing with the safeguarding, use and disclosure of Protected Health Information (PHI), record of displays, access by individuals as well as third parties to PHI, safeguarding of PHI by contractors, business associate agreements, and training of employees. In keeping with the Health Insurance Portability and Accountability Act of 1996, radiologists are to treat personal information securely and confidentially. Radiologists are to restrict access to personal information to only those individuals who need to know that information to provide support services to clients. They have to be trained in the importance of protecting this information and are required to comply with the procedures and applicable laws. Radiologists have to maintain stringent physical, electronic and procedural safeguards to protect personal information and maintain internal systems to promote the integrity and accuracy of that information. ("HIPAA policy: Radiology Contractors," n.d.)

Radiology practices that have done their job of implementing the privacy standards will stay ahead of the security game, since the privacy standards already require that a covered entity have in place "suitable technical, administrative and physical protections to safeguard the privacy relating to safeguarded health information." (Schoppmann;Sanders, 2004) Majority of…

Cite This Term Paper:

"Health Insurance Portability And Accountability" (2007, October 02) Retrieved August 22, 2017, from