HIPAA and Data Security
Health Insurance Portability and Accountability Act (HIPAA)
The HIPAA regulations address four broad areas: privacy, security, identifiers, and transaction and code sets. The Privacy Rule sets the standard for controlling protected health information (PHI) in different forms. Among other things, the Privacy Rule states that a patient has the right to access information, request that errors in specific entries be corrected, and receive information on how his or her information has been used, including who has accessed it (Armstrong, Kline-Rogers, Jani, Goldman, Fang, Mukherjee, Nallamothu & Eagle, 2005). Patients may also request confidential information, call for limits on access to information, request confidential information on sensitive matters, complain to the Privacy Officer of an entity if needed, and investigate the complaint with the US Department of Health and Human Services Office of Civil Rights if they are dissatisfied. The administration has specific rules and regulations under which information may be disclosed.
The Security Rule deals with the storage and transmission of protected health information in electronic format. The rule stipulates that a patient's health information be stored in a manner that ensures its integrity and be made available when needed. Such information must be stored in a system that has a backup and must be recovered if a disaster strikes or in case of an emergency. The rule stresses that covered entities that "collect, maintain, use or transmit" PHI in electronic form must establish "reasonable and appropriate administrative, physical and technical safeguards" that ensure integrity, availability and confidentiality (Wafa, 2010, p. 162). The entities must carry out an assessment of the potential risks, develop the security measures they intend to implement, and document and update them. The...
References:
Armstrong, D., Kline-Rogers, E., Jani, S., Goldman, E., Fang, J., Mukherjee, D., Nallamothu, B., & Eagle, K. (2005). Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome. Arch Intern Med, 165(10): 1125–9.
Wafa, T. (2010). How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy. Northern Illinois University Law Review, 30(3): 162–187.
Wilson, J. (2006). Health Insurance Portability and Accountability Act Privacy rule causes ongoing concerns among clinicians and researchers. Ann Intern Med, 145(4): 313–6.