The rapid growth of computer technology has transformed the medical sector in an exceptional manner, as the country endeavors to turn paper records into electronic records. However, electronic health records do not provide complete protection of information that they hold. Security risks still exist despite protection from the government. The government should contemplate amending the HIPAA (Health Insurance Portability and Accountability Act), which was enacted by Congress in 1996 to tackle the issue of security and privacy of healthcare data (Pasternack 818).
The current HIPAA covers only “covered entities”, thus allowing uncovered entities to reveal protected health information to other parties without the patients’ authorization. The covered entities may opt to disclose the protected health information if they believe that doing so will reduce any imminent threat. In addition to this, non-covered entities, such as Google Health, allow consumers to store their health information freely at their own pleasure. The web-based system permits users to control their health information through editing, viewing, and sharing that information. However, users may forget to limit other people’s access to their information before leaving the website.
The government should endeavor to formulate standardized regulations to safeguard electronic health records (EHR). EHRs usually offer a level of functionality that traditional paper records cannot afford to give. EHRs can be connected together, thus maximizing their coordination and accessibility. This allows patients to receive care anywhere, rather than only in hospital settings. Doctors can also access a patient’s treatment history with ease due to the interconnection of records. Due to their legibility, the risks of incorrect prescriptions will be reduced. Thus, the government should adopt the use of EHR systems and implement standardized regulations to guide the client-server systems.
Standardized regulations are crucial in maintaining electronic medical records, as it becomes easier to access the records. HIPAA forbids covered entities from revealing protected health information but does not have the power to restrict non-covered entities from exposing the EHR without the client’s authorization. The government should take control of web-based systems to restrict the inappropriate utilization of health information. The government has the capacity to monitor these systems, in addition to giving other organizations that deal with health care access to health information.
Recommendations for HIPAA Regulations
There is a need to review the law governing health care information, as the current law is highly fragmented. As a member of the advisory board in the US Department of Health and Human Services, I would recommend that the government compel Congress to expand the list of entities that HIPAA has to cover, so that consumers with limited access to health information are protected. This list should incorporate both covered and non-covered entities. Congress should guarantee protection to clients who seek to sue the state or any other organization that acts against their will.
HIPAA should allocate a private right to the victims whose security rights have been breached. The creation of the private right of action will assist the consumer in seeking redress (Pasternack 839). The Privacy Rule should offer details concerning the type of use that individual would identify the protected health information. The rule should also give room for conducting health research. Qualified personnel, who have permission from the Privacy Board, should carry out research.
Public disclosure requirements should be implemented to provide consumers with all information that they may need pertaining to the genuine security of their health information. This will enable consumers to make choices on how their information should be stored. The HIPAA should ensure that patients are offered a Notice of Privacy Practice showing how the covered entity will protect their health information, in addition to specifying their rights (Hristidis 112). All health institutions should ensure that their systems are capable of securing health information. Health insurers should also provide notices occasionally to their customers.
The time at which the health information is disclosed is extremely important because it will allow the client to undertake remedial action to safeguard their identity after a breach of data. Thus, HIPAA should be audited periodically to ensure that no impermissible disclosure is made. Auditing will also help to ensure that there is no violation of privacy and security (Posa and Terry). IT (Information Technology) officers should be utilized in auditing to explain how EHRs work.
To exhibit compliance and adherence to the rules, a review should be made of individuals who may have physical access to the prohibited sites, in addition to monitoring their actual access. Only a few members should be permitted to make any changes to the security system. A covered entity should execute policies and actions to guide the EHR. Data must be secured before being transmitted to other locations to avoid hacking. A proposed remedy on the security and privacy of the EHRs should ensure that the risks are assigned to the body that can deal with the risks appropriately.
Hristidis, V. Information Discovery on Electronic Health Records. Boca Raton: Taylor & Francis, 2010.
Pasternack, Eric S. “HIPAA in the Age of Electronic Health Records.” Rutgers Law Journal 41 (n.d.): 817-846. Web. 19 Mar. 2014. http://lawjournal.rutgers.edu/sites/lawjournal.rutgers.edu/files/issues/v41/3/08PasternackVol.41.3.r_1.pdf
Posa, Ray, and Mark Terry. “Are You Ready for a HIPAA Audit?” Medical Economics 88.11 (2011): 40, 40, 44, 46, 49. ProQuest. Web. 19 Mar. 2014.