Overview of HIPAA
• In this tumultuous age, nationwide regulations, years in the making, were introduced under the Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996.
• In the years that followed, it appeared that delays in implementation might lead to its demise.
• The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Clinton in 1996.
• The Office for Civil Rights (OCR) is the component of the Department of Health and Human Services (HHS) responsible for implementing and enforcing the privacy regulation.
• Guaranteeing the security and privacy of health information has been the focus of numerous debates.
• One of the biggest stumbling blocks to implementing comprehensive privacy standards was the associated cost.
• The Administrative Simplification portion of the law is intended to decrease financial and administrative burdens by standardizing the electronic transmission of certain administrative and financial transactions.
• The Privacy Rule took effect on April 14, 2003 and limits the use and disclosure of protected health information (PHI) without the patient's knowledge and consent.
• According to the US Department of Health and Human Services (2002), the Privacy Rule provides patients with certain rights.
• On October 16, 2003 the Electronic Transactions and Code Sets standards became effective.
• The Security Rule took effect on April 21, 2005 and requires covered entities to put safeguards in place that protect the confidentiality, integrity and availability of PHI when it is stored or transmitted electronically (electronic PHI, or EPHI).
• Safeguards must control access to data wherever it is: at rest (residing on a machine or storage medium), being processed, or in transit (for example, being backed up to storage or sent across a network).
• HIPAA, with its privacy, confidentiality and security regulations, became the first national rules for protecting patients' health information.
• As information becomes more prevalent in electronic formats, it becomes easier to collect, store, monitor, track, exchange, disseminate and aggregate PHI across covered entities, including healthcare networks and data repositories.
• The HIPAA standards are designed to smooth the path for, and in fact increase the volume of, electronic transmissions.
• "The American National Standards Institute (ANSI) X12N and Health Level 7 (HL7) Standards Organizations worked together to develop an electronic standard for claims attachments to recommend to HHS" (Spencer and Bushman, 2006, ¶ 2).
• HL7 was initially associated with HIPAA in 1996 through the creation of a Claims Attachments Special Interest Group, charged with standardizing the supplemental information needed to support healthcare insurance and other e-commerce transactions.

Health Level 7 (HL7)
• "Level Seven" in HL7's name refers to the highest level of the International Organization for Standardization (ISO) communications model for Open Systems Interconnection (OSI): the application level.
• The application level addresses the definition of the data to be exchanged, the timing of the interchange, and the communication of certain errors to the application.

Overview of HIPAA
• The HL7 mission is supported through two separate groups, the XML Special Interest Group and the Structured Documents Technical Committee.
• ISO is "a non-governmental organization: its members are not, as is the case in the United Nations system, delegations of national governments."
• It is evident that many organizations have guidelines, standards and rules to help healthcare entities collect, store, manipulate, dispose of and exchange PHI securely.
• HIPAA guarantees the security and privacy of health information and curtails health care fraud and abuse while enforcing standards for health information.

United States and Beyond
• The Gramm-Leach-Bliley Act (GLBA) is federal legislation in the United States that controls how financial institutions handle the private information they collect from individuals.
• The Sarbanes-Oxley Act (SOX) is legislation put in place to protect shareholders and the public from deceptive accounting practices in organizations.

HIPAA
• The HIPAA Privacy Rule is intended to enhance the rights of individuals.
• It provides them with greater access to and control over their PHI.
• They can control its uses, dissemination and disclosures.
• Covered entities must establish not only a required level of security for PHI but also sanctions for employees who violate their privacy policies, and administrative processes for responding to patient requests regarding their information.

Securing Information In A Network

Fair Use of Information and Sharing
Copyright law in the world of technology is notoriously misunderstood. The same copyright laws that cover physical books, artwork and other creative material still apply in the digital world.

Offsite Use of Portable Devices
If a device is lost or stolen, the agency must have clear procedures in place to help ensure that sensitive data is not released or used inappropriately. The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing and transmitting EPHI. Visit this website for detailed tabular information (pp. 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf

Thought Provoking Questions
1. Joseph Kiram, a diabetes nurse educator, recently read an article in an online journal that he accessed through his health agency's database subscription. The article provided a comprehensive checklist for managing diabetes in older adults, which he prints and distributes to his patients in a diabetes education class. Does this constitute fair use, or is it a copyright violation?
2. Ms. Zenne Sue is a COPD clinic nurse enrolled in a Master's education program. She is interested in writing a paper on the factors associated with poor compliance with medical regimens and the associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands the rules about privacy of information and believes that, since she is a nurse and needs this information for a graduate school assignment, she is entitled to the information. Is Ms. Sue correct in her thinking? Give your rationale.