Good Case Study On Health Insurance Portability And Accountability Act
The main purpose of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Smith, Gambrell & Russell, LLP, 2003) is to make health insurance effective and efficient and to increase equality in hospitals and other health centers. It likewise helps to maintain confidentiality in the industry by protecting patients’ information. HIPAA addresses issues that affect different groups in the industry; however, in this paper we will look at one, the security issue, which touches on all groups.
The physician has to ensure that all security measures are adhered to physically and across all the networks and processes in his practice. This includes the covered entities and the business associates of the practice. Additionally, he must include people who have been subcontracted by his business associates (Smith, Gambrell & Russell, LLP, 2003). He must come up with privacy rules that he will use in his practice. He must then seek professional help from HIPAA experts to make sure he is doing the right thing. He must carry out a risk assessment in his practice on a regular basis to reduce risks.
The security rule in HIPAA states that a physician must protect all the documents and information of his patients. The security practices and policies associated with HIPAA state that the physician must analyze his risks (Vaidya, 2013). He should thoroughly look into all his documents, his networks and his entire building and ensure that only authorized employees have access to them. This risk analysis will help him identify any risk that needs to be removed. He can do this by checking whether his practice matches the requirements of the HIPAA security rule. During the risk analysis, he should likewise look at the potential or likelihood of any risk and ensure he prevents it from occurring, so that his practice can succeed. He should document the risk analysis process for future reference. Similarly, if he has added another policy, it should be documented as well. Seeking professional help will also be very important (Vaidya, 2013). The security policy has five classes: administrative, physical, technical, organizational and documentation standards. However, the first three are the most important policies in any health practice: administrative, physical and technical. It is critical for the physician to go through this policy and make sure he understands everything (Miaoulis, 2004).
The administrative standards are important because the physician has to give some of his employees administrative tasks, since he cannot handle everything by himself. Therefore, the physician has to choose very wisely the people to whom he assigns administrative jobs. These people will have access to the system and its passwords, which means access to patients' information as well (Miaoulis, 2004). The physician must ensure that these employees can get only the information they need for their respective jobs and not all the information. The physical standards must be adhered to because the practice has equipment rooms that not all employees should be let into. Staff who must go into rooms that hold EPHI equipment must be monitored, and care must be taken to ensure they do only what they are assigned and in the proper manner. This also applies to the workstations of some employees and to computer devices that hold important information. Technical standards require that measures are taken to protect information that the practice shares with an individual or an organization outside the practice; this information therefore has to be transferred electronically (American Psychological Association Practice Organization, 2005). These standards help protect the practice by requiring identification when accessing some areas; for example, one may be asked to produce an identification card.
If the physician does not adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), he will be penalized a maximum of $50,000 per violation, or he could go to jail. It is therefore very important for the physician to protect the information of his patients from the people he is doing business with and from all his employees.
American Psychological Association Practice Organization. (2005). The HIPAA Security Rule Primer. Retrieved 23 March 2015, from http://apapracticecentral.org/business/hipaa/security-rule.pdf
Miaoulis, W. (2004). HIPAA Security Overview. Ahima. Retrieved 23 March 2015, from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_048519.hcsp?dDocName=bok1_048519
Smith, Gambrell & Russell, LLP. (2003). HIPAA. Retrieved 23 March 2015, from http://www.sgrlaw.com/resources/trust_the_leaders/leaders_issues/ttl5/915/
Vaidya, A. (2013). 10 Steps for Ensuring HIPAA Compliance. Becker's Hospital Review. Retrieved 23 March 2015, from http://www.beckershospitalreview.com/legal-regulatory-issues/10-steps-for-ensuring-hipaa-compliance.html