Healthcare fraud is an intentional practice of misusing the healthcare system for unlawful gains, such as billing patients for services that were never provided or performing unnecessary medical procedures. The difference between fraud and abuse is that the latter is not done intentionally, despite the fact that both incur additional costs for the country’s healthcare budget and require countermeasures. Healthcare Insurance Portability and Accountability Act, or HIPAA, was enacted to protect patients’ privacy from breaches and prevent misuse of the healthcare system.
Merton’s theory states that every action made by an individual or a government may have unexpected aftermath. Merton (1936) also defines several sources of unanticipated consequences, including ignorance, error, and short-termism. When action was made in ignorance, it means that there was a limited amount of information available, while error means that incorrect reasonings were made. Short-termism is when an individual or a government focuses on immediate gains rather than the long-term benefits of a decision. While the theory is not strictly defined by its author and left to interpretation, the ideas expressed by Merton are clear enough to be understood individually.
Merton’s theory can be applied to HIPAA, with three of the sources attributable to fraud and abuse within the healthcare system. Ignorance and error can lead to abuse and unintended damages, while short-termism can be associated with fraud and lead to unanticipated long-term losses. When a privacy breach occurs due to the company’s or government’s leadership and has unintended consequences, it can be speculated that the source of such aftermath is ignorance, error, or short-termism.
It is an expected outcome that a medical company misusing the healthcare system will get heavily penalized and fined, however, it can also cause other consequences. The company may lose its standing and reputation among its patients and clients. Another consequence is the possible increase in mortality rates among patients of the fraud and abuse perpetrators (Nicholas, L. H., Hanson, C., Segal, J. B., & Eisenberg, M. D., 2020). Whether the company’s or an individual’s actions are intentional or not, it can be deduced that unintended consequences can happen regardless, proving the validity of Merton’s theory.
Some of the major provisions of HIPAA that define a privacy breach are the Privacy Rule, Security Rule, and Breach Notification Rule. Privacy Rule establishes standards by which the patient’s medical records and other identifiable data related to treatment are protected. Security Rule establishes the required technical, physical and administrative safeguards for the patients’ personal electronic medical data. The breach Notification Rule provides the mandatory steps for an entity when the security of the protected medical information has been compromised. These rules ensure the safety of patients’ information while preventing unintentional abuse of the healthcare system and making it easier to detect intentional fraud.
In conclusion, it is essential to note that the reasons for HIPAA enactment were to protect the safety of patients’ data by defining privacy and security rules and to decrease misuse of the healthcare system. Merton’s theory of unanticipated consequences contains ideas applicable to HIPAA and can be used to define the possible consequences of a privacy breach. HIPAA contains a set of functional rules that ensure that proper actions are taken to protect the safety of patients’ data before and after a breach occurs.
References
Merton, R. K. (1936). The Unanticipated Consequences of Purposive Social Action. American Sociological Review, 1(6), 894–904. Web.
Nicholas, L. H., Hanson, C., Segal, J. B., & Eisenberg, M. D. (2020). Association between treatment by fraud and abuse perpetrators and health outcomes among Medicare beneficiaries. JAMA internal medicine, 180(1), 62-69. Web.