| HIPAA has led to sweeping changes to health care | | | | informed about how their personal information will be |
| administration and information systems as health care | | | | used. The 'protected health information' (PHI) indicates |
| organizations struggle to achieve cost-effective | | | | that the information cannot be used for marketing |
| compliance by 2003. The US Congress enacted the | | | | purposes without the clear consent of the patients in |
| Health Insurance Portability and Accountability Act or | | | | question. People should be able to ask their covered |
| HIPAA in 1996. The act covered a wide array of | | | | entities (which maintain PHI about them), to ensure that |
| issues surrounding the health insurance industry but in | | | | their communications with the patient are confidential. It |
| particular it required administration simplification, which | | | | should be possible for people to file formal |
| addressed the issue of security and privacy of health | | | | privacy-related complaints to the Department of Health |
| information. | | | | and Human Services (HHS) Office for Civil Rights. |
| HIPAA is designed to standardize the way all health | | | | Covered entities should document their privacy |
| care organizations electronically exchange sensitive | | | | procedures, however, they have discretion on what to |
| patient data and to protect patients from unauthorized | | | | include in their privacy procedure. They are required to |
| disclosure of their medical records (whether paper or | | | | designate a privacy officer and train their employees. |
| electronic). HIPAA outlined standards to improve the | | | | Covered entities can use an individual's information |
| nation's health care system by incorporating electronic | | | | without the individual's consent if the purpose is to |
| data exchange between health care providers. The | | | | provide treatment, obtain payment for services and to |
| idea of course was to allow various health providers | | | | perform the non-treatment operational tasks of the |
| to access the records of a particular patient. So, when | | | | provider's business. Some of the agencies, |
| a patient visits a new hospital, the covering doctor can | | | | government bodies and individuals who can access |
| access that patients past record and in so doing | | | | the medical records of a person under HIPAA |
| provide him with better care. However, as one could | | | | compliance rules are the insurance companies, |
| envisage, this raised a great number of apprehensions | | | | employers, courts, hospitals, or individual physicians. This |
| with respect to the privacy and confidentiality of | | | | is also considered as a downside of the HIPAA |
| people's medical records. So the legislature created a | | | | Privacy rule because sponsors of a research study; |
| fundamental list of rules and regulations with which | | | | makers of drugs for the particular study and the |
| health care providers must comply. And the creation | | | | researchers involved in the study are included in this list. |
| of these rules and regulations gave birth to the industry | | | | However, the ultimate objective of HIPAA is to |
| that is called HIPAA Compliance. | | | | increase the efficiency and effectiveness of health |
| To ensure HIPAA compliance, there are certain key | | | | information systems through improvements in |
| provisions, which need to be followed. For instance, | | | | electronic health care transactions as well as to |
| individuals should be able to access their records and | | | | maintain the security and privacy of individually |
| request correction of errors. Also, they should be | | | | identifiable health information. |