Introduction
Protecting and securing the rights of people when they are at their most vulnerable must be deemed as the quintessential responsibility of the state government, as well as respective healthcare authorities. Therefore, ensuring that patients’ personal data and other vulnerable information should be kept secure in the healthcare environment. Currently, the Health Insurance Portability and Accountability Act (HIPAA) serves to protect the rights of patients to retain their privacy and remain safe when using healthcare services (Cohen & Mello, 2018). Moreover, the specified regulation shapes the way in which the issue of information security is perceived in the healthcare setting, as well as the approaches used to enhance data security. By considering some of HIPAA’s key provisions and the effects that it has produced on the performance of Humana, a prominent U.S. health insurance organization, one will be able to identify weaknesses in the current approach toward patients’ personal data and insurance options.
Humana: Rationale for the Choice
To illustrate the effects that the HIPAA standards have produced on the safety of patients and the security of their personal information once they address healthcare services, Humana has been chosen as an example to consider. Being a for-profit company that has been operating in the insurance industry, Humana is considered to be one of the largest health insurance providers in the U.S. (Cohen & Mello, 2018). By considering the effects that HIPAA has produced on Humana, one will be able to embrace the entire range of effects that information security regulations have had on the healthcare sector. Specifically, the large scope of Humana and its exclusive focus on health-related human rights were the key deciding points in selecting it as a subject of this study.
Humana: Description
Managed healthcare services remain some of the most crucial and consistently demanded ones in the U.S. setting. Due to the presence of numerous obstacles to providing healthcare of proper quality, a range of American citizens suffer from the lack of affordable and effective healthcare (“Humana overview,” 2021). Humana, a U.S. for-profit company providing health insurance services, strives to amend the described situation (“Humana overview,” 2021). Currently, Humana (2021) offers three options for health insurance, namely, group health insurance, dental plans, vision plans, and Medicare/Medicaid options. Humana has proven to perform quite impressively in the U.S. healthcare insurance market, with its stock prices increasing consistently and landing currently at $391.55 (“Humana overview,” 2021). Overall, the company has been demonstrating prowess and professionalism in its management of customers’ insurance needs. However, the company lacks the innovative approach and the ethical values that could prevent data leakage and disclosure for taking place in the corporate setting. By introducing new policies based on transparency and corporate social responsibility (CSR), Humana will be able to enhance its security an improve its data management framework.,
Humana and the Health Insurance Portability and Accountability Act (HIPAA)
When addressing the performance of Humana, one must refer to the Health Insurance Portability and Accountability Act (HIPAA) that serves as the legal framework for the company to meet and follow. HIPAA was approved of in 1994 as the tool for addressing issue associated with health insurance. According to the U.S. Department of Health & Human Services (2021, para. 1), HIPAA is used to “improve the efficiency and effectiveness of the health care system.” Currently, HIPAA is implemented successfully to ensure compliance with the fundamental standards of care and protection of patients’ privacy (U.S. Department of Health & Human Services, 2021). Developed in the way that prevents any form of discrimination from taking place when using it, HIPAA makes insurance portable by removing the connection between insurance opportunities and a particular job of an individual to be ensured (U.S. Department of Health & Human Services, 2021). However, HIPAA also suffers from the lack of insight into the role of third parties, such as digital healthcare app providers, in handling patients’ personal data (U.S. Department of Health & Human Services, 2021). Therefore, the efficacy of HIPAA is yet to be tested.
Legal Cases
Over the course of being implemented in the health insurance context, HIPAA has been connected to a range of legal cases. These legal issues have created premises for improving HIPAA and amending some of its provisions to ensure that all vulnerable groups are included and that the regulation is not in conflict with any of the existing legal standards. Among the most significant cases regarding HIPAA, one must mention the 2016 case of HIPAA violation in Illinois. According to the case details, the entire Illinois healthcare network proved to be compromised, exposing four million people to the threat of their personal information being misused as a result of privacy violation (Bassan, 2020). Namely, the data breach occurred after perpetrators had stolen an unencrypted laptop from the hospital employee’s car (Bassan, 2020). The specified case has proven the importance of complying with the principal HIPAA rules and developing a risk analysis framework that would protect patients’ private data (Bassan, 2020).
Another landmark case that has proven the role of maintaining a viable data protection system, the legal incident involving an imaging company in Tennessee warrants a closer look. According to the details of the case, Touchstone Medical Imaging, a healthcare organization offering imaging services in Tennessee, was proven to be guilty for violating a range of data breach management cases, failing to inform around 300,000 patients about the data leakage and, therefore, exposing them to a potential threat (HIPAA Journal, 2019). Although the case resulted in a settlement, it has proven the importance of having HIPAA as the tool for controlling compliance with the principal standards for data security and patients’ privacy.
Additionally, one must address the case of a company unintentionally making a misstep and placing its patient in danger due to the exposure of her personal data in a press release. In its effort to maintain transparency and update its customers on the changes within the organization, the Memorial Hermann Health System (MHHS) made the name of a patient who used a false ID card in the hospital system, public (HIPAA Journal, 2019). The described case is remarkable since it demonstrates that the threat to patients’ security may not necessarily target them as an external force; instead, it may come from within the healthcare organization. Thus, the case under analysis has illustrated the importance of applying HIPAA and complying with its key guidelines even in the setting where the external threat to patients’ personal information is minimized.
Finally, one must mention the breach of HIPAA involving Humana, the company under analysis. In July 2021, a massive data breach occurred at Humana after a subcontractor staff member leaked personal information of the patients, including their names, email addresses, IDs, and other personal details (Humana Lawsuit – Data Breach of Medical Information, 2021). The records made available to the public dated back to 2019, which meant that a tremendous number of patients were placed under a massive risk (Humana lawsuit – Data breach of medical information, 2021). The specified situation has led to Humana facing a lawsuit filed by one of its former patients (Humana lawsuit – Data breach of medical information, 2021). When disentangling the case under analysis, one should point out that the legal action filed against Humana was based not only on the data breach issue, but also on the fact that the organization failed to notify its customers about the disaster, preferring to keep the information about the data leak private before it became obvious that the issue could not be resolved promptly (Humana lawsuit – Data breach of medical information, 2021). Therefore, Humana evidently needs to revisit its standards for complying with HIPAA rules, particularly, the standards for information security and the notification of customers about the instances of data breach.
Intellectual Property Rights: Trademarks
Over the course of its performance, Humana has created several trademarks and patents. Among the most notable ones, the Medicare Pharmacy Calculator II, “prescription drug prior authorization system and method,” and the “method for using financial incentives with member engagement metrics to reduce health care claim costs” should be listed (Humana, n.d.). The specified patents represent the variety of services that Humana provides and the broad range of areas that it covers. However, the organization does not seem to have been awarded any specific IP rights for its trademarks. Therefore, it would be reasonable for Humana to consider securing its current IP rights tighter and preventing the instances of IP theft. Given the high rates of rivalry in the target market of health insurance, with juggernauts such as Medicare and Medicaid representing Humana’s key competitors, it will be reasonable to create a stronger competitive advantage. In turn, securing the IP rights for the company’s trademarks will help Humana to become more competitive.
Trade Secrets
The issue of trade secrets disclosure is another possible area of concern for Humana given the high rates of competition in the U.S. healthcare setting. Currently, Humana has several trade secrets, one of which is under the threat of being revealed to the general public (, 2021). Namely, the information about Humana’s collaboration with the military in an attempt at launching its military insurance business has recently been made available to the audience (Humana prefers you don’t know the details of its $45 billion Tricare contract, 2021). Specifically, it has been discovered that Humana has signed a $40.6 billion contract with a military organization in order to expand into the military industry and provide respective security services (Humana prefers you don’t know the details of its $45 billion Tricare contract, 2021). The specified step could be interpreted as controversial given the complicated nature of its implications. Namely, since the army represents the state officials and their policies to a certain extent, Humana’s involvement in the military issues could be seen as a politicized decision.
Crime and Tort Risks
Targeting the enhancement of personal security of its client, Humana has been particularly careful with the legal aspect of its performance as well. Remarkably, Humana has never been involved in any case of a tort up until the late 2000s (Humana, Inc. v. Shrader & Assocs., LLP, 2018). Remarkably, Humana has no only faced an instance of a tort breach, but has also contributed to shaping the current tort standards. Namely, Humana faced accusations of failing to offer the promised services and introduce a cost-efficient approach toward personal insurance in 2009 by Joel Kaye (Humana, Inc. v. Shrader & Assocs., LLP, 2018). The specified outcome has shape Humana’s approach toward information security management to a great extent, promoting transparency and clarity in the company’s transactions (Humana, Inc. v. Shrader & Assocs., LLP, 2018).
In addition, Humana has recently faced a substantial threat of a lawsuit due to the instance of a massive data breach mentioned above. Namely, due to the instance of data breach observed in 2020, Humana faced the threat of a class action lawsuit that could have been started and implemented quite successfully by the customers who had their personal information stolen (Humana, Inc. v. Shrader & Assocs., LLP, 2018). However, the company has avoided a lawsuit; furthermore, Humana has been noticed to make evident steps toward filing a legal claim against the Visionary, an organization whose employee, previously Humana’s subcontractor, facilitated information leakage (Humana, Inc. v. Shrader & Assocs., LLP, 2018). Therefore, overall, Humana is exposed to external risks roughly to the same extent as any other organization operation in the legal field.
Assessment: Legal System
As the case of data breach involving Humana described above has shown, the legal system applied at Humana suffers from the lack of accurate definitions of risks and a coherent approach toward informing its customers about the incidences associated with data breach. The observed issue could also be ascribed to underdeveloped corporate ethics, namely, the lack of responsibility. Therefore, it is strongly recommended that Humana should rewrite the existing guidelines for informing customers about situations involving data breach or leakage.
Conclusion
Although the HIPAA provides a rather comprehensive overview of key risks that patients are likely to face in the healthcare context in regard to their personal data management, the regulation still lacks the tools for its reinforcement. Similarly, HIPAA’s requirements for the involvement of the third party may cause certain privacy issues. Due to the involvement of third party HIPAA entities into the process of managing the needs of patients, the threat of data leakage and the resulting disclosure of personal information arises. Therefore, patient consent must be introduced as a vital step of providing respective healthcare services. Furthermore, more rigid control tools should be established to reduce the threat of ePHI being disclosed. Overall, the current HIPAA standards have proven to work quite well for Humana, yet they provide only a basic framework that should be expanded further to encompass the broad variety of threats to patients’ personal data.
References
Bassan, S. (2020). Data privacy considerations for telehealth consumers amid COVID-19. Journal of Law and the Biosciences, 7(1).
Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century.JAMA, 320(3), 231-232.
HIPAA Journal. (2021). Touchstone Medical Imaging fined $3 million by OCR for extensive HIPAA failures.
Humana overview. (2021).
Humana prefers you don’t know the details of its $45 billion Tricare contract. (2021).
Humana, Inc. v. Shrader & Assocs., LLP. (2018). CIVIL ACTION NO. G–16–0354.
Humana. (2021). About Humana. Web.
Humana. (n.d.). Humana patents. Web.
U.S. Department of Health & Human Services. (2021). HIPAA for professionals. Web.