Thesis
While Health Insurance Portability and Accountability Act (HIPAA) is useful in the way of providing unified standards for the protection of protected health information (PHI), it requires adjustments regarding PHI disclosure for payment, treatment, and healthcare operations.
Background
HIPAA is currently the main piece of the US federal legislation regulating the protection and distribution of PHI in all its forms, including e-PHI.
The primary goal of the law is to protect eh patient’s privacy and health by limiting access to PHI to those who require this information for professional purposes and none other (Edemekong, Annamaraju, & Haydel, 2020).
History of changes
HIPAA was created in 1996 and did not adequately address the emerging information technologies and the opportunities they provide for sharing data (Drolet, Marwaha, Hyatt, Blazar, & Lifchez, 2017). In 2013, HIPAA regulations considering e-PHI had been further tightened, and monetary penalties for violating them increased (Kiel, Ciamacco, & Steines, 2016).
The present state of things
The changes made in 2013 have further complicated information handling for small healthcare providers who may unwittingly violate HIPAA regulations (Primeau, 2017; Chen & Benusa, 2017)
The medical community calls for the new changes in HIPAA regulations regarding handling e-PHI (Colorafi & Bailey, 2016)
Inadequacies
The Privacy Rule classifies sharing PHI with other healthcare providers as permissible rather than mandatory. Organizations may ignore sharing e-PHI with other healthcare providers if it is not high enough in the list of current priorities. Organizations may deliberately avoid sharing e-PHI with other healthcare providers for the sake of staying on the safe side and not violating HIPAA unwittingly. Current regulations pay little attention to the small healthcare providers’ capability to enforce stringent HIPAA policies or even put them high enough in the list of immediate priorities to balance (Primeau, 2017). Changes are needed to improve the law with rears to e-PHI handling and sharing between healthcare providers.
Adequacies
HIPAA intends to protect PHI from those who can use it with malicious intent and limit the knowledge of confidential information to those who need it for performing professional duties (Edemekong et al., 2020). Due to the highly decentralized nature of the American healthcare system, a universal framework for processing PHI is both useful and necessary. HIPAA is still fundamentally solid, and the changes it needs concern particular aspects of PHI handling rather than the overall approach.
Proposed changes
Reclassifying PHI sharing for treatment and care as mandatory rather than merely permissible to ensure that healthcare providers do not ignore it out of fear of violating HIPAA unwittingly. The wording of the law should encourage such information sharing to promote inter-provider cooperation while staying true to the law’s purpose and continuing to promote sufficiently high digital security standards.
Conclusion
HIPAA provides a solid framework for ensuring PHI security across the US healthcare system. However, the law was drafted in 1996, when contemporary digital technologies did not yet emerge or reached their full maturity and, thus despite being amended, is partially inadequate to the current situation. In particular, the law’s stringent requirements may prevent productive cooperation among healthcare providers. Making PHI sharing between providers mandatory rather than permissible and encouraging inter-provider cooperation in the wording of the law will help to address these inadequacies while preserving the overall dedication to data safety.
References
Chen, J. Q., & Benusa, A. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management 10(2), 135-146.
Colorafi, K., & Bailey, B. (2016). It’s time for innovation in the Health Insurance Portability and Accountability Act (HIPAA). JMIR Medical Informatics 4(4), e34.
Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: Privacy, security, and HIPAA compliance. The Journal of Hand Surgery 42(6), 411-416.
Edemekong, P., Annamaraju, P., & Haydel, M. (2010). Health Insurance Portability and Accountability Act (HIPAA). National Center for Biotechnology Information. Web.
Kiel, J. M., Ciamacco, F. A., & Steines, B. T. (2016). Privacy and data security: HIPAA and HITECH. In C. A. Weaver, M. J. Ball, & J. M. Kiel (Eds.), Healthcare information management systems: Cases, strategies, and solutions (pp. 437-449). New York, NY: Springer.
Primeau, D. (2017). How small organizations handle HIPAA compliance. Journal of American Health Information Management Association 88(4), 18-21.