Rule would face a $5,000 per-case penalty, or jail time. The Security Rule focuses on electronic PHI, setting policies for administrative, technical, and physical safeguards. The administrative safeguards include the procedures, policies, and maintenance of security measures that protect the PHI. The technical safeguards refer to the policies and procedures that protect and control access to the electronic PHI. The physical safeguards are procedures and policies for the physical protection of covered entities’ electronic information systems and related equipment. The rule applies equally to contractors of the covered entity and to third parties that require the PHI to provide services for the covered entity.

As technology has developed, the use of electronic health systems (EHS) has increased dramatically. Although the EHS provides a more efficient tool for patients and doctors, its extensive use has brought more challenges to privacy and security. If I were an administrator of a hospital, I would implement the principles of minimum access to the PHI and necessary supervisor monitoring. The use of the patient portal, for instance, should be limited and monitored. Employees should take training periodically so that they pay attention to the contents of their conversations and deliver health care services without disclosing the PHI. Moreover, the classification of access to the PHI should be set at the beginning, and the EHS should receive scheduled maintenance from the IT Department.