Privacy in healthcare is defined as the patient’s right to control the disclosure of his or her confidential personal information. Security is defined as all the methods, processes and technology used to protect the confidentiality and safety of the patient’s personal information. Privacy is a very important aspect of the patient–physician relationship. Patients share personal information with their physicians to facilitate correct diagnosis and treatment, and to avoid adverse drug interactions. The privacy and security of patients’ health records have always been an important issue for healthcare facilities. The need for stronger measures for protecting patients’ information is essential with the advent of Electronic Health Record …
HIPAA is divided into five titles or categories covering different aspects of healthcare. The highlights of these five titles are (i) continuous health care insurance coverage for most people, (ii) preventing health care fraud and abuse and protecting patients’ personal information, (iii) tax-related health provisions governing medical savings accounts, (iv) application and enforcement of group health insurance requirements, and (v) revenue offset governing tax deductions for employers. Title II of HIPAA deals with fraud and abuse in healthcare, Administrative Simplification via standardization of electronic exchange, and the privacy and security of protected health information (PHI). PHI is individually identifiable information from a patient’s health record that covered entities and their business associates maintain or share. As defined by HIPAA, a covered entity is a health plan, a healthcare clearinghouse, or a healthcare provider. Business associates are individuals or organizations that perform work on behalf of the covered entities. The Title II provision of ‘Administrative Simplification’ includes rules for protecting the privacy and security of PHI. The US Department of Health and Human Services Office for …
The standard provides criteria for the contract.
• Policies and procedures: These standards require a covered entity to have policies and procedures in place to comply with the Security Rule. They require a covered entity to maintain its written security policies and procedures documents until six years after the date of creation. A covered entity must review and update its policies and procedures if there is any change in environment or organization.
The Breach Notification Rule
This rule requires the covered entity to promptly notify individuals and the Secretary of HHS of the loss, theft, or certain other impermissible uses or disclosures of unsecured PHI. Health care providers must also promptly notify the Secretary of HHS of any breach of unsecured protected health information if the breach affects 500 or more individuals, and notify the media if the breach affects more than 500 individuals of a State or jurisdiction.
HIM professionals have a great responsibility for protecting the PHI of patients. The following methods can be adopted to achieve superior privacy and security of medical records:
• Providing security and privacy training to the