Abstract
The Health Information Portability Accountability Act was enacted to prevent patients’ private health information from being disclosed without authorization. The Act has different sections which define what covered entities are and explain what minimum necessity is in relation to patients’ private health information. This paper also discusses what the penalties may be for different types of private health information breaches under the Health Information Technology for Economic and Clinical Health Act.
Confidentiality in Health Care
The Health Information Portability Accountability Act (HIPAA) Privacy Rule applies to covered entities, which it defines as health plans, health care clearinghouses, and health care providers who transmit any health information electronically in connection with transactions (Miller and Schlatter, 2011). These transactions concern billing and payment for services or insurance coverage. Covered entities can be institutions, organizations, or persons. The Privacy Rule applies only to covered entities, so many organizations that use, collect, access, and disclose identifiable health information will not have to comply with the Privacy Rule if they do not meet the definition of a covered entity.
The Privacy Rule generally requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose. The minimum necessary standard is based on the current practice that protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. This HIPAA provision requires a covered entity to develop and implement policies and procedures that are appropriate for the organization. The covered entity’s policies and procedures must identify the persons or classes of persons within the organization who need access to the information to carry out their job duties, the types of protected health information needed, and the conditions for such access (Miller and Schlatter, 2011).
As part of the American Recovery and Reinvestment Act, Congress established the Health Information Technology for Economic and Clinical Health (HITECH) Act to broaden and increase the HIPAA scope of protecting the privacy and security of personal health information. HITECH requires a covered entity and business associate to notify appropriate parties regarding a breach of unsecured private health information. Anyone who violates these provisions is subject to increased civil and criminal penalties. The Department of Justice is responsible for enforcing criminal penalties, while the Department of Health and Human Services’ Office of Civil Rights is responsible for enforcing civil penalties. HITECH has a three-tier civil monetary penalty structure with fines ranging from $100 to $1,500,000, depending on whether the violation was unknown, whether there was just cause for the violation, or whether the violation was due to willful neglect (Davis, 2009). As for the criminal penalties, a person is guilty if they knowingly and wrongfully disclose private health information; such persons can be fined, imprisoned, or both.
A breach of private health information is defined as the acquisition, access, use, or disclosure of unsecured private health information, in a manner not permitted by HIPAA, which poses a significant risk of financial, reputational, or other harm to the affected individual (Davis, 2009).
In the article “Nurse Pleads Guilty to HIPAA Violations,” a licensed practical nurse from Arkansas accessed a patient’s private health information and then shared that information with her husband, who called the patient and told the patient he intended to use the information against the patient in a legal proceeding. The nurse was fired from her job, and both were indicted on federal charges of conspiracy to violate the HIPAA laws. The nurse pled guilty to wrongful disclosure of individually identifiable health information for personal gain and faces a penalty of ten years of imprisonment, a $250,000 fine, or both.
Congress established HIPAA to protect patients’ basic rights to privacy and their control over the disclosure of their personal health information. However, there are situations where private health information can be released without the patient’s authorization. It can be released to medical care providers and any entities that are participating in the patient’s care, and to businesses that provide services for those providers, like specialty consultants, lab services, or billing services. These types of services do not require authorization because they are for treatment, payment, or health care operation reasons, but the covered entity should have a written contract or arrangement that establishes specifically what a business associate has to comply with regarding the privacy and security of patients’ protected health information. The nurse in the article accessed the private health information of the patient for personal gain, not because of anything related to the treatment, payment, or health care operations for the patient.
References
Davis, J. (n.d.). Retrieved March 20, 2015, from http://search.proquest.com/docview/191683273/6FE5C5CD74D94EF3PQ/2?accountid=89121
Erlen, J. (n.d.). HIPAA-Clinical and Ethical Considerations for Nurses. Retrieved March 20, 2015, from http://search.proquest.com/docview/195969625/3015FF07FE024BB5PQ/18?accountid=89121
HIPAA Privacy Rule and Its Impacts on Research. (n.d.). Retrieved March 21, 2015, from http://privacyruleandresearch.nih.gov/pr_06.asp
HITECH Act Summary. (n.d.). Retrieved March 21, 2015, from http://www.hipaasurvivalguide.com/hitech-act-summary.php
Health Information Privacy. (n.d.). Retrieved March 21, 2015, from http://www.hhs.gov/ocr/privacy/
Robert, M. (n.d.). Can This Health Information Be Disclosed? Retrieved March 20, 2015, from http://search.proquest.com/docview/868051782/D99A43F270724C20PQ/6?accountid=89121
When Can PHI Be Released without Authorization? (n.d.). Retrieved March 21, 2015, from http://biotech.law.lsu.edu/map/WhenCanPHIBeReleasedwithoutAuthorization.html
Wood, D. (n.d.). Nurse Pleads Guilty to HIPAA Violation. Retrieved March 20, 2015, from http://www.nursezone.com/nursing-news-events/more-news/Nurse-Pleads-Guilty-to-HIPAA-Violation_28082.aspx