Essay Example on The Health sector is the significant and most Important









The health sector is the most significant and important sector in the US today, being valued at $5 trillion. This makes the Health Insurance Portability and Accountability Act of 1996 (hereinafter HIPAA) the most common regulation. The primary purpose of HIPAA is to protect the Personal Health Information (PHI) of US citizens (Mohammed, 2017). In the early 1990s, the American health sector was faced with many challenges. Many Americans were worried about their health insurance; the states could not regulate the health insurance of people who chose self-insurance; self-insured companies could not cover terminal diseases of family members of their employees; self-employed persons could not afford insurance premiums; and there was the fear of disclosure of private and sensitive medical information. HIPAA came into action in 1996 under the Clinton administration. The regulation focused on protecting health insurance coverage for people who had insurance at a previous job. It also focused on the protection of PHI, as it directed Congress to pass a health privacy regulation within three years (Tillery and Tillery, 2017). Some amendments have been made to this act, with the most recent one being in 2013, where the Department of Health and Human Services (HHS) made some modifications to the HIPAA of 1996. The primary focus of the amendments was on the privacy rules.

PRIVACY AND SECURITY UNDER HIPAA

Before HIPAA, there were no set standards to protect PHI. With technological advances that have seen the industry moving away from paper to relying heavily on electronic information systems, confidentiality has remained a critical issue. Protection of PHI is therefore a widely held mission of the public and lawmakers. HIPAA ensures that PHI is kept secure from any action that would threaten confidentiality (Goldenberg and Grantcharov, 2017). The HIPAA privacy rule provides national standards to protect PHI. The rules apply to health plans and anyone in the health sector that carries out electronic health care transactions. The general rule is that a covered entity may not disclose PHI except if the individual gives authorization in writing or by waiver in writing by the institutional review board (IRB). Covered entities are mandated to disclose information to the individuals and the HHS when undertaking an audit or enforcement action. The HIPAA security rule provides protection for an individual's electronic PHI generated, received, or held by a covered entity. It requires administrative, physical, and technical measures to be put in place to ensure the confidentiality, integrity, and security of electronic PHI by organizations (covered entities).

Covered entities are also required to establish and guard against reasonably foreseen threats to the safety of the PHI, guard against reasonably anticipated non-permissible use or disclosure, and ensure compliance by their staff. The rule's main aim is to protect PHI while at the same time allowing for the adoption of new technologies to improve healthcare quality. The security rule mainly applies to covered entities. However, in the 2013 amendments, business associates are independently liable for noncompliance with the HIPAA security rules.

COMPLIANCE WITH THE HIPAA REGULATIONS

Healthcare organizations are required to implement specific safeguards to comply with the HIPAA privacy and security rules. The first are administrative safeguards, which include implementing privacy and security measures to protect PHI: covered entities must have persons in charge of the privacy and security management process, enforce policies on information access, train their workforce on the privacy and security measures implemented, and have a periodic audit of their implemented privacy and security measures. The second are physical safeguards, which include limitation of physical access to facilities and implementation of standards for the transfer, disposal, or reuse of electronic information. The third are technical measures: implement technological standards that allow only authorized persons to access ePHI, conduct audits of all information systems that contain ePHI, and achieve professional security measures that protect the transmission of ePHI.

ENFORCEMENT AND PENALTIES FOR NON-COMPLIANCE

The Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) are in charge of the administration and enforcement of the privacy and security regulations.

Penalties: The HHS may impose a civil sanction on covered entities of $100 each time they fail to observe the privacy rule requirements. There is a set maximum for the civil penalty, which is $25,000 per year for multiple violations of the same condition. An exemption to this penalty is available when the violation is due to reasonable cause, is involuntary, or has been corrected within 30 days of realization of a breach. Criminal sanctions may be levied on a person who consciously acquires or discloses PHI against the HIPAA rules. The person faces a fine of $50,000 and up to 1 year behind bars. A person who knowingly obtains and discloses PHI under false pretenses faces a fine of $100,000 and up to five years behind bars. A person who acquires and reveals PHI with the aim to vend, transfer, or use it for monetary profit faces a fine of $250,000 and up to ten years behind bars.

Cited Work

Goldenberg, M., & Grantcharov, T. P. (2017). Enhancing Clinical Performance and Improving Patient Safety Using Digital Health. Digital Health, pp. 235-248. https://link.springer.com

Mohammed, D. (2017). U.S. Healthcare Industry: Cyber security Regulatory and Compliance Issues. Journal of Research in Business, Economics and Management. www.scitecresearch.com

Tillery, S. M., & Tillery, T. N. (2017). Applications in Employee Benefits Planning.

United States Department of Health and Human Services. OCR Privacy Brief: Summary of the HIPAA Privacy Rule.
