HIPAA Security Rule
This paper discusses HIPAA, the Health Insurance Portability and Accountability Act. First, it is necessary to mention the HIPAA Security Rule. It states that healthcare professionals are required to protect patient information that is stored electronically. To do this, they can use administrative, physical, and technical means. As a consequence, data must be kept confidential, complete, and well-protected. This is especially critical now, when it is easy for intruders to access personal data.
Definitions
There are some crucial terms that we need to understand in order to work with HIPAA.
HIPAA, or the Health Insurance Portability and Accountability Act, is the law on health insurance portability and accountability. The act is divided into five sections dealing with different aspects of insurance, electronic health transaction standards, and insurance plans.
PII, or personally identifiable information, is any information related to a directly or indirectly identified or identifiable person provided to another natural or legal person or persons.
PHI, or protected health information, is the medical data of patients protected by the state from illegal study and change.
ePHI, or electronically protected health information, is the protected health information that is stored electronically.
These various types of information should be properly used and protected by medical institutions.
Safeguarding of PII, PHI, and ePHI
Medical institutions are obliged to store data about each patient’s health in the form of a medical record, and disclosure of these data is prohibited under any conditions. Possible information leaks are therefore a problem.
It is essential to ensure the required level of data protection at every stage of data processing. This includes the process of collecting and recording information, organizing and storing it in the database, clarifying details, and, finally, destroying information that has lost its relevance. Each of these steps can be automated, but the system must be built reliably and clearly to protect patients from information disclosure.
Disclosures of PII, PHI, and ePHI
There are several situations where medical information about a patient may be disclosed to third parties:
- if patients, as a result of their condition, cannot express their will but need treatment;
- when there is a threat of the spread of infectious diseases or mass poisoning;
- at the request of the institutions of inquiry and investigation, the court, the penal institutions;
- when providing medical assistance to a minor;
- to inform the internal affairs institutions about patients for whom there is reason to believe that harm to their health was caused as a result of illegal actions;
- in the exchange of information by medical organizations to provide medical care;
- for accounting and control in the compulsory social insurance system;
- to control the quality and safety of medical care.