April 17th, 2011
Administrative Ethics Paper
Organizations today are constantly under watch because of the Health Insurance Portability and Accountability Act (HIPAA). Today an organization must take specific measures to protect an individual’s private health information. As technology advances, protection has become increasingly difficult, as has covering all the bases and guidelines brought forth by HIPAA laws. A major concern of the federal government is an intended or unintended breach of HIPAA regulations. Along with HIPAA came the creation of the Privacy Rule. The Privacy Rule, according to Mir (2011), “restricts the use and disclosure of health information except by the individual, persons granted access by the individual, or as authorized and required by the privacy rule” (p. 11, para. 2). In 2009, President Obama endorsed the American Recovery and Reinvestment Act (ARRA). The ideals of HIPAA were growing quickly, and the growth was complete with the aid of the Health Information Technology for Economic and Clinical Health Act (HITECH), which is a part of the ARRA. This growth covered not only health care providers and health care organizations, but also the organizations’ business associates. Everyone within an organization is responsible for protecting health information, and the Office for Civil Rights (OCR) has no problem enforcing these new guidelines, especially if there is a breach of information and it is not reported by the organization (Boerner, 2009).
Issue and impact
A breach of any kind of patient information can be costly to an individual and the entire organization. A breach is a devastating issue for all parties involved, especially for the individual whose privacy has been violated. Exposure of pertinent patient information could destroy a patient’s life, to the point that it can become deadly. Individuals steal medical information and use it for personal use, causing problems within the patient’s medical record. This can cause wrong diagnoses, and wrong medications could be administered, which could be detrimental to the patient’s health. However, this issue does not only impact the patient; it also impacts the organization that obviously does not have the provisions necessary to protect a patient’s information. If the organization has a breach of patient information, all parties must be notified immediately; this includes the OCR. A breach of patient information within any organization undermines its trust and reputation within the community. The article “Breach Notification Rule: Where Are We?”, written by Angela K. Dinh, explains the ramifications of a breach and the damage a breach can cause.
Facts
The highly respected Ponemon Institute provides research data regarding patients’ privacy and data security. The institute’s latest research states that more than 69% of health care organizations do not believe that protecting patient information is not a main concern. To bring this issue into reality, the OCR reported that in November 2010, more than five million patients’ information was affected by a breach. These statistics include more than 190 registered offenses, of which approximately 185 were a result of theft or loss, and unlawful entry. These figures are staggering and have a financial impact of more than two million dollars for one specific organization. The Ponemon Institute estimates that the financial liability for the entire population of United States hospitals comes to approximately $12 billion (Dinh, 2011). To comprehend the implications of the OCR’s fines for an organization, a health care organization must understand the importance of the patient’s right to protected health information and the ramifications if there is a breach. Recently the OCR penalized two prestigious health care organizations: the first was Massachusetts General, paying a settlement of one million dollars, and the second was Cignet Health of Maryland, with fines up to $4.3...