Health information is being passed from physicians to insurance companies and patients. Cases of health care fraud have been on the rise, and it has necessitated having an act to govern the health sector (Lo, 2009). The “Health Insurance Portability and Accountability Act (HIPAA)” was created in 1996 to protect the rights of patients. The act was mainly developed to safeguard privacy rights of patients. The patient’s information being shared amongst various stakeholders of the health sector must be protected.
Every profession has ethics to be followed by the professionals practicing the profession. Professional bodies publish their code of ethics and set aside a body to watch over professionals acting against the set standards. The health sector is not an exception, and there is a set code of ethics meant to be followed by the health practitioners (Lo, 2009). Whereas the health sector is becoming more complex due to various parties involved, there is a need to protect patients, especially their privacy.
The HIPAA Act
In health informatics, the HIPAA act deals with complex legal aspects and how they affect information technology and health related fields. With the ever-rising technology, the health sector has adopted electronic tools in its service delivery. The Act seeks to address the ethical, operational and privacy issues that may arise because of adopting electronic devices in health care delivery. Laws that govern health information deal with instances where data or patient’s records are exchanged amongst various parties involved in the health care delivery. Health information law addresses issues relating to information technology, health care and the flow of patient’s private information. The HIPAA act is tasked with the responsibility of maintaining a standard of health information privacy. A majority of citizens have raised concerns over the privacy of their health information. This concern is aggravated by the rapid shift from manual health records to electronic records. Patient’s health information is considered immensely sensitive, which necessitated a law to protect its privacy.
Objectives of HIPAA Act
The objective of HIPAA is to safeguard patient’s health information; however, the information may be disclosed during patient care. Whereas HIPAA seeks to protect health information, it only applies to a limited set of health record holders. The law protects electronic information records possessed by health care suppliers, health plans and health clearing houses. It is worth noting that the law is limited to electronically held records kept by the authorized parties. It cannot, however, be conclusively said that the law guarantees absolute privacy of information, because once the information is shared amongst the authorized parties, it is no longer secure and private. However, it is vital to note that the law allows health providers to share the patient’s health data with friends, family or others who are directly involved in the payment of the care services (Moini, 2009). The law demands security and privacy of electronic health records to be ensured before the information is passed to another party. Electronic health records are kept, maintained and transmitted electronically and, therefore, their safety and privacy must be upheld.
HIPAA and Privacy of Health Information
Whereas HIPAA governs the privacy of a patient’s information, an individual cannot sustain a lawsuit against another party based solely on the breach of the HIPAA act. This has proved impossible even when a plaintiff believes his private health information has been disclosed and the defendant has acted in violation of HIPAA. In such a case, HIPAA provides avenues and mechanisms through which the individual is able to file a complaint with the government. Electronic records being transferred amongst various parties in the health industry may raise legal problems over the amount of information that can be disclosed. HIPAA failed to give clear guidance on what constitutes “minimum necessary” information, and this has caused various legal problems relating to information transferred amongst various stakeholders in the health care industry. The law also requires the authorized entities to disclose health information to the patients and to allow them to copy and store their health data. However, such health information must be maintained under a category of documents called designated record set.
The HITECH Act of 2009
In February 2009, the Obama administration adopted an Act that was meant to further the course of protecting patient’s private information. The “Health Information Technology for Economic and Clinical Health Act (HITECH)” was developed to control sharing of data and ensure that accountability is upheld (Corey & Corey, 2010). The Act regulates data sharing on electronic health records. It also regulates types of technology adopted by health practitioners to manage electronic records. The Act requires health care organizations to document all electronic messages relating to patient’s health information. This is meant to ensure that such records can be retrieved and reviewed to determine which patient’s information was exchanged with which party (Corey & Corey, 2010). It is also required that an application should be installed, which indicates whether the archived information was accessed and by which person.
Research and Disclosure of Health Information
The privacy rule relating to a patient’s private health information deals with the disclosure of protected health information by the authorized parties. As earlier mentioned, the authorized entities are the health care providers, plans and clearing houses. However, it is worth noting that researchers do not fall in the category of the authorized parties unless they are working under a health plan or a hospital. The law also requires the authorized entities to acquire authorization before they can disclose a patient’s private health information. The authorization refers to a statement, which is dated and approved by the patient, allowing the entity to reveal his or her health information. It should, however, be noted that there are circumstances under which health information may be disclosed without authorization from the patient. Such instances arise when the patient in question is deceased. In such an instance, his health information can be disclosed to researchers without prior authorization from his or her relatives (Kulynych & Korn, 2003). When an institutional review board has been set up and has authorized the disclosure of a patient’s health information, an authorization from the patient is not required. The third instance under which the patient’s authorization may not be required is catered for by the grandfather clause of the act. The clause asserts that authorization is not required if the permission to use the information for study was acquired prior to the conformity date, 14 April 2003.
Cloud Technology and Health Information
There has been increased usage of applications used to electronically record and maintain patient’s information. Physicians and hospitals have increasingly populated Electronic Medical Records and Electronic Health Records with patient information. With the advancing technology, there have been indications that soon such information might be stored on the cloud (Charters, 2003). Such technology has brought with it legal issues relating to privacy of patient’s health information. Health information stored on a public cloud is prone to security and privacy risks. However, some regulations govern such information’s privacy. This is contained in the HIPAA compliance overview that ensures the security and privacy of patient’s health information is not compromised. The new HIPAA rules require a system to be incorporated to ensure identification and authentication of users. This is aimed at ensuring that unauthorized parties do not access the patient’s health information. The rule is also clear on the confidentiality of health information stored on the cloud. The act requires maximum control to ensure authorized disclosure of data. Integrity should also be upheld while handling patient’s health information. This rule seeks to ensure that data is not altered, and its originality is maintained. The rule also requires the control of how users behave while accessing the stored health information (Charters, 2003). This is all in line with the ethics of the health profession of maintaining and sustaining the privacy of patient’s information.
In this era when technology is on the rise, health information is kept, maintained and transferred electronically. This has raised various questions over the confidentiality of information. This situation is aggravated by the increasing health care fraud being experienced over the Internet. Patients are increasingly becoming concerned about their health information, which they believe might be used against them by the federal government. The main concern is privacy and security of health information exchange. There are various entities involved in health care provision, and health information is exchanged amongst them, hence compromising the privacy and security of such information. HIPAA has, however, set standards and provided new rules, which are meant to regulate health information being maintained and transferred electronically. Although the act protects privacy, a patient cannot sustain a lawsuit against another party based solely on the breach of the HIPAA act. This is impossible even when a plaintiff believes his private health information has been disclosed, and the defendant has acted in violation of HIPAA. In such a case, HIPAA provides avenues and mechanisms through which the individual can file a complaint with the government.