Sample Paper on HIPAA in the Age of Electronic Health Records

HIPAA in the Age of Electronic Health Records

The rapid growth of computer technology has transformed the medical sector in an exceptional manner, as the country endeavors to turn paper records into electronic records. However, electronic health records do not provide complete protection of the information that they hold. Security risks still exist despite protection from the government. The government should consider amending HIPAA (the Health Insurance Portability and Accountability Act), which was enacted by Congress in 1996 to tackle the issue of security and privacy of healthcare data (Pasternack 818).

The current HIPAA applies only to “covered entities”, thus allowing non-covered entities to reveal protected health information to other parties without the patients’ authorization. The covered entities may opt to disclose the protected health information if they believe that doing so will reduce any imminent threat. In addition to this, non-covered entities, such as Google Health, allow consumers to store their health information freely at their own pleasure. The web-based system permits users to control their health information through editing, viewing and sharing that information. However, users may forget to restrict other people's access to their information before leaving the web site.

The government should endeavor to formulate standardized regulations to safeguard electronic health records (EHR). EHR usually offer a level of functionality that traditional paper records cannot provide. EHR can be connected together, thus maximizing their coordination and accessibility. This allows patients to receive care anywhere, rather than only in hospital settings. Doctors can also access a patient’s treatment history with ease because the records are interconnected. Because the records are legible, the risk of incorrect prescriptions will be reduced. Thus, the government should adopt the use of EHR systems and implement standardized regulations to guide the client-server systems.

Standardized regulations are crucial in maintaining electronic medical records, as it becomes easier to access the records. HIPAA forbids covered entities from revealing protected health information, but does not have the power to restrict non-covered entities from exposing the EHR without the client’s authorization. The government should take control of the web-based systems to restrict inappropriate utilization of health information. The government has the capacity to monitor these systems, in addition to offering other organizations that deal with health care provision access to health information.

Recommendations for HIPAA Regulations

There is a need to review the law governing health care information, as the current law is highly fragmented. As a member of the advisory board in the US Department of Health and Human Services, I would recommend that the government compel Congress to expand the list of entities that HIPAA has to cover, so that consumers with limited access to health information are protected. This list should incorporate both covered and non-covered entities. Congress should guarantee protection to clients who seek to sue the state, or any other organization that acts against their will.

HIPAA should allocate a private right to the victims whose security rights have been breached. Creation of the private right of action will assist the consumer in seeking redress (Pasternack 839). The Privacy Rule should offer details concerning the type use that individual would identify the protected health information. The rule should also give room for conducting health research. Qualified personnel who have permission from the Privacy Board should carry out the research.

A public disclosure requirement should be implemented to provide consumers with all the information that they may need pertaining to the genuine security of their health information. This will enable consumers to make choices on how their information should be stored. HIPAA should ensure that patients are offered a Notice of Privacy Practice showing how the covered entity will protect their health information, in addition to specifying their rights (Hristidis 112). All health institutions should ensure that their systems are capable of securing health information. Health insurers should also provide notices occasionally to their customers.

The time at which the health information is disclosed is extremely important because it will allow the client to undertake remedial action to safeguard his or her identity after a breach of data. Thus, HIPAA should be audited periodically to ensure that no permissible disclosure is made. Auditing will also help to ensure that there is no violation of privacy and security (Posa and Terry). IT (information technology) officers should be utilized in auditing to explain how EHRs work.

To exhibit compliance and adherence to the rules, a review should be made of individuals who may have physical access to the prohibited sites, in addition to monitoring their actual access. Only a few members should be permitted to make any changes to the security system. A covered entity should execute policies and actions to guide the use of the EHR. Data must be secured before being transmitted to other locations to avoid hacking. A proposed remedy on security and privacy of the EHRs should ensure that the risks are allocated to the body that can deal with the risks appropriately.

Works Cited

Hristidis, V. (2010). Information discovery on electronic health records. Boca Raton: Taylor & Francis.

Pasternack, Eric S. “HIPAA in the Age of Electronic Health Records.” Rutgers Law Journal, 41(817). 817-846 (n.d.). Web. 19 March 2014. http://lawjournal.rutgers.edu/sites/lawjournal.rutgers.edu/files/issues/v41/3/08PasternackVol.41.3.r_1.pdf

Posa, Ray, and Mark Terry. “Are You Ready for a HIPAA Audit?” Medical Economics 88.11 (2011): 40,40,44,46,49. ProQuest. Web. 19 Mar. 2014.