The Creation of HIPAA, Research Paper Example

Since 1996, a key factor pertaining to patient confidentiality was enacted when the Health Insurance Portability and Accountability Act became law. HIPAA, as it is known, provides federal protections regarding personal health data held by covered entities and provides patients with a Bill of Rights pertaining to that information (Health Information Privacy, 2005.) Simultaneously, the Privacy Rule allows revealing personal health information that is necessary to coordinate patient care and for other relevant purposes relating to the health status of patients. This paper will discuss the significance of HIPAA, how it has or has not affected the evolution of healthcare, and the ways in which it has been well-intentioned but ineffective because of the inadequate understanding of its meaning by medical personnel.

Prior to the implementation of HIPAA, medical matters and records were historically maintained between patient and doctor, most often documented on paper in files that were stored in metal file cabinets or shelving. The emphasis on privacy of medical information was a relative non-issue. When HIPAA was established, the issue became front and center among health providers, as well as patients, and although it was created to protect patient information, part of HIPAA includes the use of electronic medical records, which increase the chances that confidentiality will be compromised.

After HIPAA was proposed, most healthcare companies as well as practitioners were obligated to accommodate the regulation guidelines by October, 2002, and for smaller businesses or health plans by October, 2003 (Sage.) The law involved a complex, multistep framework that is aimed at reforming the health insurance system, with an emphasis on privacy. The law mandated that all healthcare professionals, organizations, and government health plans that utilize, keep, store, or send patient healthcare information must comply with HIPAA regulations regarding privacy.

HIPAA contains many standards that are designed to facilitate patient privacy regarding medical information. It was intended to give patients increased control over their healthcare information as well is to set standards and limits on the use of a release of those records. In addition, the law created appropriate safeguards that most healthcare practitioners were required to comply with in order to protect the privacy of health information (HIPAA Privacy Rule and Public Health, 2003.) In addition, the HIPAA rule established accountability standards for clinicians who violated patient privacy by levying civil and criminal penalties; it was designed to allow patients to make educated decisions based on how their health information might be used. In addition, HIPAA allows patients to find out how their private health information has been used and when it has been used, and usually limits release of information to the least reasonably needed in order to provide disclosure. Finally, it allows patients the right to request and receive a copy of their own health records, as well as asking that corrections be made if they are inaccurate.

In my opinion, the intentions of HIPAA were well-founded and based on a sincere desire to protect patient confidentiality. However, my experience has demonstrated that although staffs are frequently trained thoroughly in HIPAA implementation, they frequently have no idea how to actually put the standards into practice. The focus on privacy has been successful, in other words, but it implementation has been a failure. For example, in many doctors’ offices, the receptionist sits at a desk in full view and hearing range of the waiting room, checks patients in by name, verifies personal information in discreetly again within hearing range of the waiting room, and has a sign in sheet on which one can see the names of every single person that has signed in to see the doctor that day. When those HIPAA violations have been pointed out by me, the response has usually been a quizzical look as if the person simply didn’t know what I was talking about.

In another instance, after signing forms indicating that I had been apprised of my HIPAA rights to privacy, I noticed that in the waiting room. There was a sign that said the following: “Dr._________ would like to thank the following patients for making referrals,” underneath which was written the names of 5 to 10 patients. I asked the receptionist if she had gotten permission from those patients to post their names in the waiting room and again, I was greeted with an icy, annoyed look that told me that she didn’t really understand the definition of HIPAA violations.

My experience is obviously not specific to me. There have been thousands of complaints filed against medical providers’ offices because of privacy violations. The government has received 34,000 complaints of privacy violations in California since HIPAA was enacted, and although criminal prosecution was supposedly a possibility for privacy violations in fact, only a few defendants have been prosecuted (Alonzo-Zaldivar, 2008.) The only cases that did result in criminal prosecution involved clerical staff who stole patient information and used it to open credit card accounts were sold them to criminals who engage in Medicare and IRS fraud. In addition, even though the Department of Health and Human Services has the power to find medical providers who violate HIPAA, they have not been inclined to utilize that power.

The concept of patient privacy is completely complementary to my personal values about people’s rights to share their medical and other information only based on their having given written permission about what to share and with whom to share it. I cringe when I see and hear medical personnel exchanging information that includes patients’ names and health conditions openly in hallways, in the reception area, and in other open venues. I had my privacy compromised when I had to get a CAT scan and a neighbor of mine called me to see if everything was okay with me. Since no one knew about my medical test, I was taken aback and asked her how she knew about my CAT scan. She said that she had been to her doctor that morning (my doctor as well), and had overheard him asking his nurse if she had received the results of my CAT scan; he actually mentioned by name, which was how she knew that I had been tested that morning. Certainly, I could have filed a complaint against the doctor for the violation of HIPAA, but I chose to contact him directly to let him know what had transpired. My message was that his office walls were not soundproof, so that my medical situation had been overheard by another patient. He thanked me for letting him know what had happened; nevertheless, months later when I returned to the office, the same lack of soundproofing was in the fact as I could hear his entire conversation with the patient in the next examining room.

I personally believe that the intentions of HIPAA are important and legitimate, and that it is essential that health providers and their support staff know exactly how to translate the law into actual practice. If the privacy law could be carried out properly, it would go a long way towards helping patients feel more confident about where their personal medical information is being shared and stored. The Health Insurance Portability and Accountability Act had noble intentions, but unfortunately, has not done a good job in providing training that is practical. There is a great deal of training given to medical staff, but it is clearly not being interpreted as intended.

References

Alonso-Zaldivar, R. (2008, April 9). Effectiveness of Medical Privacy Law Is Questioned. Retrieved November 30, 2012, from The Los Angeles Times: http://articles.latimes.com/2008/apr/09/nation/na-privacy9

Health Information Privacy. (2005). Retrieved November 30, 2012, from US Department Of Health And Human Services: http://www.hhs.gov/ocr/privacy/index.html

HIPAA Privacy Rule and Public Health. (2003, April 11). Retrieved November 30, 2012, from Centers For Disease Control: http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm

Sage, B. (n.d.). HIPAA Laws and Regulations. Retrieved November 30, 2012, from About.com: http://personalinsure.about.com/od/health/a/aa041806a.htm