HIPAA and privacy guide 101

HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. The US Congress enacted the Health Insurance Portability and Accountability Act or HIPAA in 1996. The act covered a wide array of issues surrounding the health insurance industry, but in particular it required administration simplification, which addressed the issue of security and privacy of health information.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). HIPAA outlined standards to improve the nation's health care system by incorporating electronic data exchange between health care providers. The idea, of course, was to allow various health providers to access the records of a particular patient. So, when a patient visits a new hospital, the covering doctor can access that patient's past record and in so doing provide him with better care. However, as one could envisage, this raised a great number of apprehensions with respect to the privacy and confidentiality of people's medical records. So the legislature created a fundamental list of rules and regulations with which health care providers must comply. And the creation of these rules and regulations gave birth to the industry that is called HIPAA Compliance.

To ensure HIPAA compliance, there are certain key provisions which need to be followed. For instance, individuals should be able to access their records and request correction of errors. Also, they should be informed about how their personal information will be used. The 'protected health information' (PHI) indicates that the information cannot be used for marketing purposes without the clear consent of the patients in question. People should be able to ask their covered entities (which maintain PHI about them) to ensure that their communications with the patient are confidential. It should be possible for people to file formal privacy-related complaints to the Department of Health and Human Services (HHS) Office for Civil Rights.

Covered entities should document their privacy procedures; however, they have discretion on what to include in their privacy procedure. They are required to designate a privacy officer and train their employees. Covered entities can use an individual's information without the individual's consent if the purpose is to provide treatment, obtain payment for services and to perform the non-treatment operational tasks of the provider's business. Some of the agencies, government bodies and individuals who can access the medical records of a person under HIPAA compliance rules are the insurance companies, employers, courts, hospitals, or individual physicians. This is also considered a downside of the HIPAA Privacy rule because sponsors of a research study, makers of drugs for the particular study and the researchers involved in the study are included in this list. However, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.