| HIPAA has led to sweeping changes to health | | | | about how their personal information will be |
| care administration and information systems | | | | used. The 'protected health information' |
| as health care organizations struggle to | | | | (PHI) indicates that the information cannot |
| achieve cost-effective compliance by 2003. | | | | be used for marketing purposes without the |
| The US Congress enacted the Health Insurance | | | | clear consent of the patients in question. |
| Portability and Accountability Act or HIPAA | | | | People should be able to ask their covered |
| in 1996. The act covered a wide array of | | | | entities (which maintain PHI about them), to |
| issues surrounding the health insurance | | | | ensure that their communications with the |
| industry but in particular it required | | | | patient are confidential. It should be |
| administration simplification, which | | | | possible for people to file formal |
| addressed the issue of security and privacy | | | | privacy-related complaints to the Department |
| of health information. | | | | of Health and Human Services (HHS) Office for |
| | | | Civil Rights. Covered entities should |
| HIPAA is designed to standardize the way all | | | | document their privacy procedures, however, |
| health care organizations electronically | | | | they have discretion on what to include in |
| exchange sensitive patient data and to | | | | their privacy procedure. They are required to |
| protect patients from unauthorized disclosure | | | | designate a privacy officer and train their |
| of their medical records (whether paper or | | | | employees. Covered entities can use an |
| electronic). HIPAA outlined standards to | | | | individual's information without the |
| improve the nation's health care system by | | | | individual's consent if the purpose is to |
| incorporating electronic data exchange | | | | provide treatment, obtain payment for |
| between health care providers. The idea of | | | | services and to perform the non-treatment |
| course was to allow various health providers | | | | operational tasks of the provider's business. |
| to access the records of a particular | | | | Some of the agencies, government bodies and |
| patient. So, when a patient visits a new | | | | individuals who can access the medical |
| hospital, the covering doctor can access that | | | | records of a person under HIPAA compliance |
| patients past record and in so doing provide | | | | rules are the insurance companies, employers, |
| him with better care. However, as one could | | | | courts, hospitals, or individual physicians. |
| envisage, this raised a great number of | | | | This is also considered as a downside of the |
| apprehensions with respect to the privacy and | | | | HIPAA Privacy rule because sponsors of a |
| confidentiality of people's medical records. | | | | research study; makers of drugs for the |
| So the legislature created a fundamental list | | | | particular study and the researchers involved |
| of rules and regulations with which health | | | | in the study are included in this list. |
| care providers must comply. And the creation | | | | |
| of these rules and regulations gave birth to | | | | However, the ultimate objective of HIPAA is |
| the industry that is called HIPAA Compliance. | | | | to increase the efficiency and effectiveness |
| | | | of health information systems through |
| To ensure HIPAA compliance, there are certain | | | | improvements in electronic health care |
| key provisions, which need to be followed. | | | | transactions as well as to maintain the |
| For instance, individuals should be able to | | | | security and privacy of individually |
| access their records and request correction | | | | identifiable health information. |
| of errors. Also, they should be informed | | | | |