HIPAA: A Policy Analysis

downloadDownload
  • Words 3064
  • Pages 7
Download PDF

Introduction

The Health Insurance Portability and Accountability Act affects a wide range of people in many different areas. The majority of people who are impacted by this policy are health care providers, insurance companies, and the consumers of these agencies.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed to protect patient information. There are two main purposes to HIPAA also known as titles. Title one encompasses the health insurance coverage, while title two helps protect patient records and information. This law as a whole enables health insurance companies and health service providers to have access to patient information. HIPAA also allows the patients to feel protected while being treated or seeking out treatment.

Click to get a unique essay

Our writers can write you a new plagiarism-free essay on any topic

The title two section of HIPAA is going to be the main focus of the analysis. This topic will be analyzed by the structure of the policy, utilizing the goals, eligibility, types and levels of benefits, funding, and delivery. There will also be an evaluation of the contents of the policy, an evaluation of the implementation of the policy, an analysis of the policy outcomes, and a brief summary regarding the policy.

Structural Analysis of Policy

Goals and Objectives

With this law, each health organization has to get a signed form by each patient for information to be released to different people and healthcare professionals. HIPAA allows for patients to be more protected with their information, it protects them from fraudulent activity, and allows accessibility within different providers by using electronic data with permission from the patient (Department of Health Services, 2017). This policy had three goals in mind when it was passed in 1996. According to the Wisconsin Department of Health Services these three goals are; 1. health insurance portability, which means that there would be transferability and a continuity of health insurance coverage for all people, 2. accountability, which means that they would fight waste, fraud, and the abuse that is too often seen in health insurance and in the healthcare service delivery aspect, and 3. administrative simplification, which means to make healthcare billing and other transactions simplified for people to use by transmitting data electronically.

For this policy to work effectively, the Secretary of the U.S Department of Health and Human Services (HHS) came up with privacy rules and security rules. Privacy Rules were finalized in August of 2002, which include the national standards that protect health information by three categories of covered entities; health plans, health care clearinghouses and health care providers. The Security Rule was finalized in February of 2003 that includes protecting the confidentiality, integrity, and availability that is either held by a paper copy or by using electronic case files.

Eligibility

Everyone who goes into a doctor’s office, or a clinical setting is ‘eligible’ for being protected under the HIPAA law. Prior to receiving services, it is best practice for that office to have a patient sign a consent form so the office can have one’s information imported into their electronic data system. The United States Department of Health and Human Services discusses that the HIPPA law applies to health insurance plans and health care providers who are providing patient information in an electronic form. They also have created standards for all people to then follow in regards to protecting patient information. Therefore, under the HIPAA law title two, everyone is eligible to receive protection in regards to their identifying health information, their treatment records, and their health history.

Types and Levels of Benefits

There are different types of HIPAA mandates or statutes, but for the sake of the analysis the privacy section will be the most looked at and talked about. There are not different levels or benefits to HIPAA, as anyone can use it and each person will receive the same service regardless. However, there are the cases where someone does not receive the correct privacy protection and it is breached, but that is dealt with in a criminal or civil charge.

Donna Bowers wrote an article about HIPAA, and she explained that there are many benefits to HIPAA. Some of the benefits that she stated in her article are about how paper usage would be reduced due to using electronic case files. She said that they would be standardizing data which would assure that health insurance agencies would be coordinating on the benefits and the payments for patients. Also all patients’ personal health information and identifying markers will be confidential. In turn, the patients will knowingly receive care that protects their health information, and know that their information will be used for the purpose that is intended for the agency. The patients will also be ensured complete and total privacy as to what is going on with their health. Another benefit is that their data can be sent electronically to another doctor if they choose to have it sent over or not.

Funding

The HIPAA policy as a whole is not actually funded by anyone or any organization as it is for all to use in the healthcare field. However, there is an audit system that is used to ensure that healthcare organizations are following the HIPAA policies, and are staying up to date on the newest changes to the policy. This audit program is ran through the office for civil rights, and is then funded through the government. The Department of Health and Human Services, showed that the office for civil rights received an increase in funding in 2017. They then used the money to support the mandated audit program of HIPAA. This audit program was put into place by the health information technology for economic and clinical health act. This program will then become a tool to ensure that HIPAA is in compliance across all businesses and healthcare services. With the budget being expanded in 2017, they hoped to modernize the HIPAA policy, “[to] support innovation in healthcare, ensure adequate protections in new programs and technologies, streamline requirements to make them less burdensome, and evaluate new areas where HIPAA does not currently apply” (Department of Health and Human Services, 2016). This program audit mandate will ensure that the health care professionals directly involved with patients and their information. There are also different software being utilized to check the compliance of HIPAA.

Delivery

HIPAA’s privacy statute provides in more ways than one to the patients who are utilizing it. When a patient first comes into a clinic they should be signing a patient disclosure form right away. This specific form indicates that they understand that they are being protected under confidentiality rights and that they will be entered into the electronic data system. HIPAA will then provide patients more control over their medical information and will allow them to set boundaries with how their medical records will be used and/or released. It will push healthcare providers to protect their patients’ health information. If someone were to violate the HIPAA law, they would be held accountable, that could include civil and/or criminal penalties. By following HIPAA, it will allow for patients to make their own informed choices on what kind of care they want to receive and how their personal health information might be used. Patients will also be able to obtain their own medical records and can even request for corrections to be made. Lastly, HIPAA will empower patients to gain control of their health information, regarding the uses and the disclosure of their records.

Evaluation of Policy Contents

Goals and Objectives

The goals and objectives of the HIPAA policy address the need that was unmet prior to being established in 1996. The goals and objectives that are set in place are still meeting the needs of people today and HIPAA is widely used, and it is frowned upon to not use it.

HIPAA has three goals that they want to meet and these three goals are; 1. health insurance portability, which means that there would be transferability and a continuity of health insurance coverage for all people, 2. accountability, which means that they would fight waste, fraud, and the abuse that is too often seen in health insurance and in the healthcare service delivery aspect, and 3. administrative simplification, which means to make healthcare billing and other transactions simplified for people to use by transmitting data electronically.

The first goal of health insurance portability is met, and is continually being met. The department of labor states that people can be protected under group health plans for a multitude of different reasons. If you cannot go under a group health plan coverage, HIPAA allows for one to purchase individual coverage as well. People will be provided an opportunity to enroll in the group health care option if they were to lose coverage or if they were to get married or even have a child.

The next goal of HIPAA is to achieve accountability in fighting waste, fraud and the abuse that is too often seen in the health insurance and the healthcare service delivery aspect. This goal is achieved by health insurance companies ensuring that a patient is who they say they are before applying a bill. Those in the healthcare field are also ensuring a patient is who they say they are before even applying interventions or services. For example, at Fort Atkinson hospital, they ask you your name and your birthdate right when you check in. When you go into the triage room you are asked your name and birthdate again to ensure that you are who you say you are before they even take your blood pressure. The nurses and other staff at the hospital continue to do this over and over again to ensure that they are providing treatment to the right person–they are following the accountability aspect of HIPAA by ensuring that someone is not committing fraud.

The last goal of HIPAA is, administrative simplification, which means to make healthcare billing and other transactions simplified for people to use by transmitting data electronically. This goal is absolutely achievable in terms of making all of a patient’s’ health records electronic instead of paper copies. This allows for a patient to see multiple healthcare professionals and to have just one file between the few, by simply checking a box to allow this to happen. This makes things a lot easier for the patient and the other healthcare professionals who are all interacting throughout the patient’s treatment and interventions.

Funding

HIPAA is not necessarily funded by any organization or anything, but a program audit mandate is funded to ensure that HIPAA is being followed by those in the healthcare setting. This ensures that patients are being protected in all aspects. There are people who agree with program auditing, and those who believe that program auditing is only harming what HIPAA had intended to do.

Those that agree with program auditing for HIPAA see that this program is a tool to ensure that HIPAA is in compliance across all businesses and healthcare services. With the budget being expanded in 2017, they are hoping to modernize the HIPAA policy, “[to] support innovation in healthcare, ensure adequate protections in new programs and technologies, streamline requirements to make them less burdensome, and evaluate new areas where HIPAA does not currently apply” (Department of Health and Human Services, 2016). This program audit mandate will ensure that the health care professionals directly involved with patients and their information. There are also different software being utilized to check the compliance of HIPAA. We firmly believe that it is important to ensure that a policy is being followed by all those in health insurance agencies and healthcare delivery services as there are major penalties to not abiding by these policies.

Those that disagree with program auditing of HIPAA mainly argue that by allowing these audits we are not allowing for healthcare innovation to occur. They are worried that they are not getting the treatment that they need due to spending too much money on the auditing programs. This is an understandable worry of these people, but money is still being funneled into healthcare innovations. Also, the Department of Health and Human Services talked about how they wanted to modernize HIPAA, which included supporting the innovation of healthcare services.

The program auditing mandate to ensure that all companies and healthcare services are up to par with HIPAA are effective and are needed in the field. This is to ensure that our patients are being well taken care of, and that their privacy is always protected.

Policy Evaluation: Analysis of Policy Implementation

Overall, HIPAA’s rules and regulations have only benefited healthcare organizations and individual patients. There are five easy steps each organization can do to improve and make sure the privacy of each individual is protected. The first step includes selecting a privacy and security officer who would be handling an organization’s compliance plan. The second step includes a risk assessment, which allows each organization to analyze their workplace along with all electronic devices to identify any potential risks and vulnerabilities that may arise later on. The things that they would be looking for are components that might affect the confidentiality, integrity and availability of electronic documents. This is important because if a patient or healthcare provider cannot access charts then their availability to help the patient decreases and could harm the health of the patients. The third step includes, creating an organization’s ‘plan’ to make sure all faculty is on board and fully understands the rules and regulations that HIPAA entails. This normally includes a layout of both policy and procedures that employers have to understand when working with electronic patient documents. It is also important to keep in mind that policies and procedures are always changing so an organization’s ‘plan’ may have to be adjusted when these situations occur. The fourth step is incorporating business associates like vendors or contractors that also help run the organization. They need to be have full understanding of HIPAA because in most cases business associates handle billing, cloud storage, emails and access to the recent web host. According to NueMD the most successful way to do this is to perform an audit. Having an audit finalizes that they understand and will follow HIPPA before accepting a signed agreement. Lastly, the final step includes, training the employees. Up until this point the employees are only being educated on the rules and regulations but in order for them to fully grasp the material they have to go through training. It is recommended to train employees annually and keep these records of the training as proof to protect the organization.

Policy Evaluation: Analysis of Policy Outcomes

According to an article written by Daniel J. Solove, he explains that HIPAA is one of the most detailed and comprehensive policies in the medical field and that it addresses areas of concern that many other mothering policies do not have. These areas include: mandating the components of a facility’s privacy program, requires training, specifies measures that must be taken to protect data security, addresses de-identification of data and it has the only data breach notification requirement in federal law and includes fines for violation of conditions. In the same article it also proves that when it comes to comparing other nation’s rules and regulations, HIPAA has been the most successful thus far. Joy Pritts, chief privacy office at the Office of the National coordination for Health IT says, “HIPAA is more detailed, more specific, and in some ways stronger than EU privacy law. HIPAA provides a clearer sense of what is expected than many other privacy laws” (Solove, 2013).

Although there are many positives outcomes of HIPAA there are also concerns. The main concern that has been brought to the government’s attention is allowing appropriate access to an individual’s records. There are still times when today a caregiver or provider who should have access to someone’s records cannot because of ‘privacy’ rights. This can be a very large obstacle for many because in order to grant another family member access to records a sheet must be signed by the individual themselves and if they are not well enough to do so the records cannot be granted to the family. This concern can be frustrating to many and worst of all affect the care of the patient.

Conclusion and Suggestions for Policy Changes

HIPAA is a policy that was set into place in 1996, which protects patients’ information both orally and electronically. It also protects health care personnel and organizations that deal with medical records. Through the years, HIPAA has been revised for the better and benefits the protection and privacy of millions of individuals daily. HIPAA is open to anyone who is looking to receive interventions and or treatment in the healthcare setting. There are many titles that go into HIPAA, which prove how organized and detailed it is. Some basic rules and regulations that are incorporated into this specific policy include; training, financial violations if and when the rules are not being followed and signing a form to grant others access to your medical records. HIPAA is widely important because it not only protects the patient’s personal information and care services but it also puts trust in the healthcare professionals. One thing that should be changed when it comes to HIPAA is when there is a medical occurrence where a patient is too ill and does not have access or is incapable to sign a form to grant others permission to access one’s medical records. This should be changed because like it was mentioned before it could desperately affect the patient’s care and health, which is completely the opposite of what HIPAA’s main goal is.

References

  1. Bowers D. The Health Insurance Portability and Accountability Act: is it really all that bad? Proceedings (Baylor University Medical Center). 2001;14(4):347-348.
  2. Healthcare Industry’Journal of AHIMA 84, no.4 (April 2013): 30-31. Retrieved December 11, 2017, from, http://library.ahima.org/doc?oid=106326#.Wi8-TiOZPq1
  3. Health Plans & Benefits: Portability of Health Coverage. (2016, May 06). Retrieved December 11, 2017, from https://www.dol.gov/general/topic/health-plans/portability
  4. HIPAA Turns 10: Analyzing the Past, Present and Future Impact. (n.d.). Retrieved December 11, 2017, from http://bok.ahima.org/doc?oid=106325#.Wi85VEqnHIU
  5. Secretary, H. O., & (OB), O. O. (2016, February 16). FY 2017 Budget in Brief – OCR. Retrieved December 11, 2017, from https://www.hhs.gov/about/budget/fy2017/budget-in-brief/ocr/index.html
  6. Secretary, H. O., & (OCR), O. F. (2013, July 26). Summary of the HIPAA Security Rule. Retrieved December 06, 2017, from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
  7. Solove, Daniel J. ‘HIPAA Mighty and Flawed: Regulation has Wide-Reaching Impact on the
  8. Tuan, J. (2016, August 30). HIPAA Compliance: The Biggest Barrier To Healthcare Innovation. Retrieved December 11, 2017, from https://medium.com/@joetuan/hipaa-compliance-the-biggest-barrier-to-innovation-ac2bf3ae4e07
  9. 5 Steps for Implementing a Successful HIPAA Compliance Plan. (2016, July 13). Retrieved December 11, 2017, from https://www.nuemd.com/blog/5-steps-implementing-successful-hipaa-compliance-plan

image

We use cookies to give you the best experience possible. By continuing we’ll assume you board with our cookie policy.