Example Of Health Insurance Portability And Accountability Act: Privacy And Public Trust Research Paper

Introduction

In 1996, the US government, under President Bill Clinton, passed the Health Insurance Portability and Accountability Act (HIPAA). This was a landmark event that paved the way for subsequent legislation on health care. No other piece of legislation has since been as impactful with the exception of the Patient Protection and Affordable Care Act, more colloquially known as Obamacare that was passed in 2010. At the heart of the HIPAA is the issue of privacy. The ubiquity of technology and the America government’s reliance on digitizing personal information has heightened tensions between those who do and do not advocate for greater government oversight into the health care of Americans. The greater reliance on technology and the commensurate increase in hacking scandals, including of government websites has heightened people’s sensitivities around highly confidential information about their health.
Concerns are understandable considering the nature of employment and employees’ reliance on acquiring decent medical insurance. Might the disclosure of someone’s health records in the public domain compromise their chances of employment, or promotion (i.e., pre-existing conditions that may be costly to an employer’s insurance contract). In another vein, how much information are healthcare providers entitled to access? Might such information impact the nature of healthcare (e.g., pre-existing conditions may prompt a provider to re-direct a patient to another provider).

Organization/Overview

This paper serves to present details about the HIPAA with relevance to the often discussed Privacy Rule and Security Rule. The aim is to discern how well the government safeguards individuals’ healthcare information and what mechanisms are in place in the event of hacking, cyberattack, or other, that may compromise the security of this information. Additionally, the paper addresses what rights are bestowed on individuals in the event that there personal healthcare information is compromised. Towards this end, the following research question will guide this paper: To what extent should Americans be concerned about the safety of their information as deemed safe under the Privacy Rule and Security Rule of the HIPAA? How might the roll out of Obamacare impact issues of privacy and security that have been safeguarded by the HIPAA?
The organization of this paper will be as follows: First, an overview of the HIPAA will be provided with an historical overview of the HIPAA relative to origins and implementation. Focus will shift to the Privacy Rule and the Security Rule and their initial reception by the public and by politicians. The Privacy Rule and the Security Rule will then be framed in the context of the Patient Protection and Affordable Care Act (PPACA), more colloquially known as Obamacare. In particular, with the rollout of individuals signing up for Obamacare, the Privacy Rule and the Security Rule will be addressed as they relate to the continued digitization of individuals’ healthcare information. An analysis of the information in these two sections will follow in the Summary section. Finally, some conclusions will be drawn based on the research questions posed.

The HIPAA and the Privacy Rule and Security Rule

The Health Insurance Portability and Accountability Act was signed into law in 1996.
As noted by the US Department of Health and Human Services (2015), the law aims to reign in, or control administrative costs incurred by the healthcare industry, and to protect individuals’ healthcare information relative to privacy and security. Further, the HIPAA functions to help individuals keep their health insurance. Prior to the Act being signed into law, individuals who lost or changed jobs were not guaranteed to maintain the same level of insurance they were entitled to with their previous employer. In addition to safeguarding an individual’s health insurance, the HIPAA stipulated that within the workplace, “similarly situated individuals” were entitled to the same benefits in their health plan (Niccolini, et. al, p.2).
Two major sections of the act covered privacy and security, and were subsequently identified as the Privacy Rule and the Security Rule.
The Privacy Rule governs the Protected Health Information of individuals used by insurers or other healthcare providers. This includes medical history, payment history and other pertinent information. Disclosure of such information is permissible without the express written consent of the individual as deemed necessary regarding treatment, but the body disseminating such information is required to inform the individual of what was disclosed and to whom (Califf & Muhlbaier, 2003). Debates around the protection of individuals’ identity have primarily centred on research. According to Wilson (2006), clinical research is highly dependent on accessing healthcare records in aggregate to ascertain effects of lifestyle, prescription drugs and other factors as they relate to varying segments of the US population. Regulations, however, have significantly stymied access to such records. Although it is feasible to acquire some information, the backlog of requests, coupled with the exorbitant time to acquire approval has rendered some clinicians to rely on private companies to acquire information. The problem, notes Wilson, is that there is no more comprehensive database than that which is regulated under the HIPAA. The problem, he acknowledges, is in public trust and political manoeuvring. Protecting individuals’ rights and freedoms is far more attractive as a politician’s message to his or her electorate, than to diminish one’s rights and freedoms to the benefit of science. Many Americans remain skeptical of the merits of the caricature of white men with fuzzy hair dressed in lab coats hovering over test tubes (Plunk & Grucza, 2013).
The Security Rule is more complex. According to Solove (2013), the HIPAA is the most comprehensive and specific federal law. Among the myriad regulations under the Security Rule is the provision for individuals to make changes to their Protected Health Information. The massive amount of data floating around lends itself to errors. The fact that patients can amend their own medical records operates to further legitimize the HIPAA and creates a more accurate and secure system. Yet, ultimately, the best way to garner more public support around the Security Rule, and the Privacy Rule, for that matter is public awareness campaigns and education.

The Operationalization of the Privacy Rule and the Security Rule under Obamacare

According to McCaughey (2014), Obamacare will render individuals defenseless against the whims of government noting that privacy will inevitably compromised. Such hyperbole is not unusual in the polarized context of left wing and right wing America. Nevertheless, the fact that such work is published and enters the mainstream is an indicator that there is a significant population that largely distrusts government and that this has been exacerbated under the Obama presidency. So what does Obamacare say about the Privacy Rule and the Security Rule of the HIPAA?
First off, the website healthcare.gov, which is where individuals sign up for Obamacare stipulates that, “HealthCare.gov doesn’t collect any personally identifiable information (PII) about you during your visit to our website unless you choose to provide it to us.” (Healthcare.gov, 2015). Debates have nevertheless ensued at a congressional hearing in 2013 when congressman Joe Barton pressed a contractor involved with the design and construction of healthcare.gov stating, “You know it’s not HIPAA-compliant; admit it,” which was subsequently dismissed by congresswoman, Dianne Degette. She noted that it was a moot point (Koplowitz, 2013, Oct. 24). The healthcare.gov has nothing to do with HIPAA. Entities such as insurers or doctors are those who access health records. The purpose of healthcare.gov, in addition to being a resource about healthcare in the US, is to provide access points for individuals to find insurable healthcare providers, as required by law.
In this sense, there is no link between the two entities. The HIPAA aims to safeguard people’s rights to privacy and security in regards to their healthcare records. Obamacare, or healthcare.gov acts as a portal for individuals to register for healthcare and to provide a suitable provider.

Analysis

As demonstrated in the previous two sections, the HIPAA, and in particular, the Privacy Rule and the Security rule serve to protect the rights and liberties of Americans as it relates to their healthcare records. Although the HIPAA is imperfect – individuals are often charged a fee to access their healthcare records – the aim behind the HIPAA is to empower individuals on the one hand, enabling them to make amendments to their healthcare records based on proper documentation, and to facilitate better administration of individuals’ healthcare records across varying entities, such as healthcare providers, doctors, researchers, etc.
In this day and age, it is impossible to say without reservation that individuals’ personal information will remain private, safe, and secure. Yet, the roll out of the HIPAA, and even the clunky roll out of Obamacare occurred without compromising individuals’ identity, healthcare records, etc. Yet, issues remain in regards to ‘buy-in’ of Obamacare. Although this is unrelated to the HIPAA, as noted above, it reflects a larger issue of distrust with government. Nevertheless, the fact that all Americans are now entitled to healthcare, there is both promise and apprehension. The 44 million Americans who have gone without health insurance for some time will now be covered. Yet, with greater amounts of information located online, there also come the potential threat of information being compromised. Outside of such hypothetical scenarios, we will return to the research questions and offer some concluding thoughts.

Conclusions

This paper set out to address issues of privacy and security as it relates to the HIPAA and the roll out of Obamacare. The following research questions were posed:
The issues around Obamacare seem to be misguided in relation to privacy and security. Politicians’ incentive to score political points by misinforming their constituents serves a particular narrative of simply always disagreeing with the opposition. Frankly, if Republicans had been the ones who had passed a national healthcare mandate like Obamacare it is likely that similar rhetoric would be heard from the left as is currently heard from the right.
At the heart of the issue is public trust in government, which has been a long-standing love-hate relationship in America. Over time, it is likely that issues of privacy and security will dissipate among Americans as it relates to the protection of their healthcare records. Yet, this lofty assumption is also predicated on the continuation of successful measures to safeguard the identities of Americans; something that seems to be increasingly challenged into today’s hyper-networked global society.

Reference List

Califf, R. M., & Muhlbaier, L. H. (2003). Health Insurance Portability and Accountability Act (HIPAA) Must there be a trade-off between privacy and quality of health care, or can we advance both?. Circulation, 108(8), 915-918.
Healthcare.gov (2015). Privacy. Accessed on January 20, 2015 from: https://www.healthcare.gov/privacy/
Koplowitz, H. (2013, Oct. 24). Does The Obamacare Website Violate Your Privacy? HIPAA Compliance Debate Rages At House HealthCare.gov Hearing. International Business Times. Accessed on January 20, 2015 from: http://www.ibtimes.com/does-obamacare website-violate-your-privacy-hipaa-compliance-debate-rages-house-healthcaregov
McCaughey, B. (2014). Beating Obamacare 2014: Avoid the Landmines and Protect Your Health, Income, and Freedom. Regnery Publishing.
Niccolini, R. R., Rothman, J. A., Deakins, O., & Williams, T. A. Employee Wellness Programs: Unraveling the Knot of HIPAA, GINA, ADA and Other Applicable Laws.
Plunk, A. D., & Grucza, R. A. (2013). Public health research, deception, and distrust. The American Journal of Bioethics, 13(11), 54-55.
Solove, Daniel J. "HIPAA Mighty and Flawed: Regulation has Wide-Reaching Impact on the Healthcare Industry." Journal of AHIMA 84, no.4 (April 2013): 30-31.
US Department of Health and Human Services (2015). Health Information Privacy. Accessed on January 20, 2015 from: http://www.hhs.gov/ocr/privacy/index.html
Wilson, J. F. (2006). Health Insurance Portability and Accountability Act Privacy rule causes ongoing concerns among clinicians and researchers. Annals of internal medicine, 145(4), 313-316.