Data breaches in health care organizations placing patient information at risk are increasingly common and have an estimated cost of over $2.2 million per occurrence.1 In an effort to keep digital information from slipping through the cracks, the federal government crafted the Health Insurance Portability and Accountability Act of 1996 (HIPAA)2 to protect patient privacy through enforcement of how health care organizations use, store and disclose information.
For health and human services students committed to comprehensive quality in patient care, health and safety, it’s important to understand the purpose of HIPAA laws and how they affect the operations of organizations. Qualified professionals who have a clear understanding of the HIPAA privacy laws are vital to improving HIPAA workflows and mitigating risks of data breaches.
The Basics of HIPAA
Patients have often encountered HIPAA whether they realize it or not; when they go to their health care provider’s office prior to an appointment and fill out their health history, they’ll be asked to read and sign several pages of forms. These forms may include HIPAA paperwork that outlines how their information may be shared within the organization.
HIPAA regulations include the Privacy Rule3 and the Security Rule.4 The Privacy Rule establishes protections that set parameters on how providers use patient information and who they share it with. This rule also enables patients to request health record copies or make corrections to them in case of errors. The Security Rule outlines actual procedures on how to safeguard patient information. Procedures may include details on how or where information can be housed as well as technological specifications for software protection.
Health care providers such as physicians, registered nurses, emergency medical technicians, and patient care coordinators must abide by HIPAA regulations2 to ensure quality patient care and privacy. Health plans and third-party organizations that process patient health information are also bound to compliance.
HIPAA’s Influence on the Health Care Industry
HIPAA regulations create a unique ripple effect in health care and public health. These federal rules are in place to harmonize privacy with access to quality care; the regulations protect patient privacy, but sharing information between providers from different organizations requires increased coordination with patients and facilities to ensure consent. For clinicians, students, scientists and other professionals involved in health care, research is vital as a cornerstone to improving patient care outcomes and the effective use of technology.
HIPAA’s impact on research can present obstacles to participant recruitment, diversity in study participants, access to data and the completion of studies. These challenges may directly increase the amount of funding needed for research.5
In many cases, HIPAA can work to directly benefit the workplace by boosting the responsibility and transparency of health information management. Digital paper trails can determine who views patient records, tracks changes, or updates information.
HIPAA also enhances integrity of a health care facility’s business practices by enforcing data access restrictions, which limits liability. Strong password enforcement is another key feature of HIPAA’s security measures, which can cut back on sensitive data access from inside and outside of a health care organization.
Regulations require the implementation of data backup strategies and malware protection parameters. Cyber breaches cost the industry up to $6.2 billion in losses,1 so protection augmented by HIPAA can reduce a facility’s overall cost of operation and prevent loss or tampering of patient records.
HIPAA’s physical security requirements, which include details regarding camera surveillance, securely locked doors, identification badges and power loss contingency, help organizations implement the extra layers of protection they need to ward off data breaches.
The Role of HIPAA for Health Informatics Jobs
While the HIPAA privacy rules protect sensitive information regarding patient health and care, the rules do permit certain authorities to disclose protected information without authorization to protect the health of individuals and populations.6 Examples of situations where disclosing information may be critical include child abuse or neglect, persons at risk of contracting or spreading disease and medical surveillance related to workplace injuries.
Cultivate Solutions for the Health of Your Community with an Online MSHI Degree
The University of Scranton’s Master of Science in Health Informatics (MSHI) program offers a curriculum developed to teach students the skills to protect the health of individuals and communities through prevention and health education. The online MSHI program offers a flexible class schedule to accommodate working professionals who demonstrate leadership skills and wish to advance their education and career.
Learn more about Health Informatics at The University of Scranton.
1 Ponemon Institute. (2016). The sixth annual benchmark study on privacy & security of health care data. Retrieved from http://www.cahiim.org/hi/aparprocess.html
2 U.S. Department of Health & Human Services. (n.d.). Health information privacy. Retrieved from http://www.hhs.gov/hipaa/index.html
3 U.S. Department of Health & Human Services. (n.d.). The HIPAA Privacy Rule. Retrieved from http://www.hhs.gov/hipaa/for-professionals/privacy/index.html
4 U.S. Department of Health & Human Services. (n.d.). The Security Rule. Retrieved from http://www.hhs.gov/hipaa/for-professionals/security/index.html
5 U.S. Dept. of Health & Human Services National Institutes of Health. (2007). Clinical Research and the HIPAA Privacy Rule. Retrieved from https://privacyruleandresearch.nih.gov/clin_research.asp
6 U.S. Department of Health and Human Services. (n.d.). Public health. Retrieved from http://www.hhs.gov/hipaa/for-professionals/special-topics/public-health/index.html