Medical Records, Informed Consent and HIPAA Essay

Outline

The main objective of HIPAA is to enforce a set of standards, or uniform regulations in the health care information system which provides privacy and confidentiality; in as far as the patients’ records are concerned. Earlier, states were at liberty to draft and impose their own rules, which perhaps, were not in conformity with Federal ones, or laws enforced in other states. This led to a great deal of chaos. The absence of a robust set of health care edicts at a federal level was sorely felt. It is believed that the scenario has not changed much since the passage of HIPAA in terms of real benefits passed on to the patient, in terms of greater degree of privacy and confidentiality in treatment records, moving away from laborious manual methods to more online and professional database.

Introduction

HIPAA is the acronym of The United States Insurance Portability &Accountability Act 1996, which was passed during August 1996, but which came into effect from April 2001. The main objective of HIPAA is to enforce a set of standards or uniform regulations in the health care information system which provides privacy and confidentiality as far as the patients’ records are concerned. In the absence of standardization within the health care governing and dispensing system, privacy, transparency and accountability could be compromised, which does not augur well for the future of critical health care sector and realization of its goals and objectives. Lack of confidentiality of patients’ records could open the floodgates to large instances of criminal malpractices and use of patients’ records by unscrupulous agents and institutions to gain bogus insurance claims, a common phenomenon occurring in many countries of the world.

What conditions led to the passage of HIPAA?

Earlier on, it was seen that there was absence of uniformity of rules and regulations governing the health care sector in the country. Thus, states were at liberty to draft and impose their own rules, which perhaps, were not in conformity with Federal ones, or laws enforced in other states. This led to a great deal of chaos. The absence of a robust set of health care edicts at federal level was sorely felt. These deficiencies in the systems and the resultant anomalies resulted in a lack of coherent and cohesive set of rules. HIPAA was then considered to be a “Holy Grail”, and thus needed to be protected to secure patients’ rights and access to their medical records. (HIPAA requirements, safeguards, and laws, 2009). Through HIPAA, a better coordinated and clear cut set of Federal laws were enunciated, which are uniformly enforceable in all states, and HIPAA obviated the need for each state, in making or amending their own laws, to suit their own narrow requirement, in their respective health care sector.

Standardization of healthcare information

“The HIPAA transactions and code set standards are rules to standardize the electronic exchange of patient-identifiable, health-related information. They are based on electronic data interchange (EDI) standards, which allow the electronic exchange of information from computer to computer without human involvement.” (Kibbe, 2001, para.3). Uniform standards and code sets were included in HIPAA in order to attain privacy and safety norms. This Privacy Rule “set national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).” (Health information privacy, n.d., para.1).

This would ensure adequate safeguards against tampering from unauthorized people or agencies. For example, if there is a need to provide patients’ health information to other agencies or institutions, only relevant parts of health information would be passed on, and not perhaps all the billing details. Again, if billings were to be requisitioned, only that information would be passed on.

Thus, ways and means have been devised to ensure, as far as possible, privacy and confidentiality of patients’ records and minimal chances of their misuse at the hands of unauthorized persons, or agencies. Coming to the security rule, it could be said that, through executive action, the authority for administration and enforcement of standards of security has been vested with the Office for Civil Rights (OCR). This has been done with the intention of combining both the administrative and enforcement aspects under one roof, for greater degree of operational usefulness and effectiveness.

Perhaps, what the uniform transmission standards and code sets in the context of HIPAA seek is that since both privacy and security rules are related and consistent with need for obviating repetitions, there is need for enhancing effectiveness, increasing efficiency of inquiries, and determining and remedying errors in the system.

Disclosure of PHI

The term PHI means Protected Health Insurance. There are certain situations in which it would be incumbent to disclose protected health insurance. These could be, firstly, when the Federal or State Government would be requiring this information for say, census purposes, secondly, it may be used by “a collection agency for unpaid medical bills” or “health oversight agency for audits and investigations.” (Fact sheet 8a: HIPAA basics, 2009, will I ever know how many people have seen my medical information?, para.4).

“The Privacy Rule incorporates what it calls a “minimum necessary” standard when it comes to how much information should be disclosed. Doctors, hospitals, and others covered by the HIPAA Privacy Rule are required to limit the amount of information disclosed to others to the minimum necessary to accomplish the intended purpose.“ (Fact sheet 8a: HIPAA basics, 2009, Medical information: What does HIPAA cover? para.5).

Thus, in case where disclosure of information may prejudice or act detrimentally to the best interests of the patients, it may not be disclosed, except under extenuating circumstances. There are exceptions to confidentiality arising out of protection of public health, control over epidemics, etc.

Conclusion

It is believed that the scenario has not changed much since the passage of HIPAA in terms of real benefits passed on to the patient and greater degree of privacy and confidentiality in treatment records, moving away from laborious manual methods to more online and professional data base. But, HIPAA compliance is more easily said than done. For one thing, to the uninitiated, it requires a complete revamping of the internal systems to make it HIPAA compliant, which involves great deal of investments, time, costs and efforts. Again, how the current health care workforce reacts to HIPAA compliance is also a matter of conjecture and speculation.

Reference List

Fact sheet 8a: HIPAA basics: Medical privacy in the electronic age: Medical information: What does HIPAA cover?. (2009). Privacy Rights Clearinghouse: Empowering Consumers, protecting privacy. Web.

Fact sheet 8a: HIPAA basics: Medical privacy in the electronic age: will I ever know how many people have seen my medical information?. (2009). Privacy Rights Clearinghouse: Empowering Consumers, protecting privacy. Web.

Health information privacy: HIPAA administrative simplification statute and rules. HHS. Gov: U.S. Department of Health & Human Services. Web.

HIPAA requirements, safeguards, and laws. (2009). Archive Compliance. Web.

Kibbe, D C. (2001). Family practice management: What the HIPAA transactions and code set standards will mean for your practice. AAFP, American Family Physician. Web.