Health Insurance Portability and Accountability Act, 1996 (HIPAA) which has been in effect since 2003.

Consider this scenario:

1) Pat, a billing associate at a local hospital, was issued a laptop for work purposes. Her friend, however, has asked to borrow it for school to complete an online assignment. Her friend said she would be careful, and she would return it promptly. Pat knows you are taking a HIM course, and asks for your advice. How will you respond?

2) If you were part of an organization considering the implementation of biometric authentication, what factors, aside from costs, would you analyze to determine if this is the most favorable solution?

Notes from class

The two terms, privacy and security of information, have similar meanings and at times are used interchangeably, but in essence they are different entities.

Privacy implies the patient’s right to control disclosure of his/her health information and safety of protected health information (PHI—name, address, phone, e-mail, Social Security number, etc.) during storage, transit, and use. It also gives patients the right to examine and obtain a copy of their medical records and to request corrections to their health information.

Security ensures physical, logical, and technical protection of patients’ health information against natural and human-made disasters, hackers, and malicious attacks that may damage the system, steal information, or render it unusable. It establishes national standards to protect individuals’ ePHI (electronic PHI) created, received, maintained, and transmitted by healthcare providers to ensure confidentiality, integrity, and security of ePHI.

Both privacy and security of health information are the subjects of the Health Insurance Portability and Accountability Act, 1996 (HIPAA), which has been in effect since 2003. The HIPAA provisions have been made more stringent and expanded to cover “business associates” under the Health Information Technology for Economic and Clinical Health Act, 2009 (HITECH), a component of the American Recovery and Reinvestment Act, 2009 (ARRA). For health organizations, this means:

- Expansion of HIPAA coverage to include “business associates” (any individual or organization that works with or on behalf of a healthcare organization).
- Greater and more stringent penalties under HIPAA, especially with the adoption of electronic health records (EHR).

HIPAA security rules are organized into three categories (Administrative, Physical, and Technical safeguards) and apply to all media types: paper, electronic, and hybrid.