Health Insurance Portability and Accountability Act (HIPAA).

Introduction

HIPAA was originally enacted in 1996. It was enacted with the sole purpose of protecting the clients as well as the insurance holders from the violation of their rights as stipulated by the act. However several ethical and legal issues have arisen as a result of the HIPAA act. Issues such as the misinterpretation of the act by both the medical practitioners as well as the clients have been studied. Misinterpretation of the act has resulted into both the client and the medic feeling as though some rules have been violated. This paper aims at analyzing the various rules of the HIPAA as well as some ethical and legal implications that have arisen as well as a few solution s to the problem.

Discussion

The first title of HIPAA talks of the protection of the health insurance of workers as well as their families in situations where they loose or change their jobs. Title I of the act regulates the availability and the extent of group health plans and specific individual health insurance policies. The HIPAA act amended the internal revenue code, the employee retirement income security act and the public health service act. This act also limits the restrictions that a group health plan can place on the benefits of already preexisting conditions. In some instance the group health plans may refuse to grant benefits with regards to pre existing conditions for a period no less than 12 months after enrollment and 18 months in the case of late enrollment. To reduce the exclusion period individuals may have group health plan coverage or health insurance prior to enrolling in the plan (Lindh, & Dahl, 2009).

Title II of the act requires that there should be the establishment of national standards for electronic health care transactions as well as national identifiers for providers of health insurance plans and the employers. Title II of the act is also known as the Administrative Simplification (AS) provision. It also focuses on the security and the privacy of health data’s and other information with reference to the health of the insurance holder.

Title II also defines the various offenses that relate to health care and sets civil and criminal penalties for them. The acts also set up programs so as to protect the individuals in the insurance cover form fraud and abuse within the health care system. With regards to the AS rules the act requires that the department of health and human services (HHS) formulate rules with which the efficiency of the health care system will be upheld. The rules formulated will give direction on the use and the distribution of health care information. The HHS formulated several rules: the privacy rules, codes set rule, the enforcement rule, the unique identifier rule and the security rule (Lindh, & Dahl, 2009).

The privacy rule came into force in 2003, the rule regulators the use of individual personal information that the covered entities hold. The covered entities include: the employer sponsored health plans, the medical practitioners, health care clearing houses as well as the health insurers. The information given by the insurance holder is considered confidential and it is covered under the |protected health information. The confidential information includes details on the health status of an individual, provision of health care as well as the payment for health care that can be linked to a specific individual such as medical report as well as the payment history. The above law poses an ethical quagmire because the covered entity might hold on sensitive information that may be useful to the police such as laundering of finances which can be evident from the mode of payment of the individual. The covered entity might also be forced to breach the privacy act when he suspects a case of criminal activity that is negatively affecting an insurance beneficiary such as the abuse of the child (Wiener, 2011).

By law the covered entity is required to report any case of abuse to the relevant authorities based on the PHI information that they hold about an individual. The covered entity is authorized to give only the minimum information regarding a pressing issue with reference to the individual covered. The privacy rule also gives the covered entity the authority to disclose confidential information such as medical conditions so as to facilitate treatment. However, the individual should be informed of the disclosure of their PHI. It is then the responsibility of the covered entity to ensure that they keep track of the disclosed information so that it is not used for malicious purposes. The privacy act is a tricky balance between doing what is right and risking a court case with referencing to the divulging of the private information and withholding PHI information that is suspicious. Individuals who feel that their privacy rights have been breached are authorized to report the matter to the Department of Health and Human Services, office for civil rights (Hope, & Ronald, 2006).

The second type of rules is the transactions and the code set rules. It refers to the various key transactions used for HIPAA compliance, they include the EDI Health Care Claim Transaction set 837 that is used to use for the purposes of submitting health care clam submission. Another is the EDI retail pharmacy claim transaction that is used for the purpose of submitting retail pharmacy claims to payers by health care professionals that dispense medications. The other is the EDI health care claim payment/ advice transaction set whose purpose ids to make payment or send an explanation of benefits or payments, as well as remittance advice. The EDI benefit enrollment and maintenance set is used by government, unions, employers associations as well as insurance agencies so as to enroll interested individuals to be members. Other EDI’s include: the health care review information, the functional acknowledgement transaction set, the health care claim status notification, the health care status request, the health care eligibility/benefit response and inquiry and the payroll deducted and other group premium payment for insurance products. Each of above transactions serves a specific purpose in the process of HIAAA (Kapp, 2006).

The third rule is the security rule which acts as a compliment to the privacy rule. Whereas the privacy rule applies to the protection of health information which covers the paper work as well as the electronic, the security rule deals specifically with electronic protected health information (EPHI). The security rules lays out three main types of safeguards: the administrative, physical and technical safeguards. Each of the safeguards must abide by several standards as well as implementation specifications.

The fourth rule is the unique identifiers Rule which is also referred to as the National provider Identified. It replaced the other national identifiers that were in use when it was introduced; however it maintains the provider’s DEA number, state license number and the tax identification number. The most distinguishing factor of the NPI is that it cannot be re-used it is unique and national and cannot be replaced except for institutions.

The enforcement rule refers to the enforcement of the HIPAA. These rules set penalties with regards to the violation of the HIPAA rules. It also establishes procedures for investigation, and hearings of violation cases. The enactment of the rules with reference to the HIPAA has caused changes on how the physicians and medics operate. The legalities and complexities that are associated with the HIPAA have resulted to various effects in the field of research and clinical care in the medical sector (Kapp, 2006).

A study form the University of Michigan indicated that the HIPAA rules and restrictions have significantly reduced the chart based research where the evaluation of the patients’ involved contacting them for follow up. The implementation of the privacy rule has led to a significant drop from 96% to 34% with reference to follow up surveys completed by patients that had been recorded to have suffered from heart attacks (Wiener, 2011).

The requirement that informed consent forms should also indicate the note that the protected health information of the individual will be kept confidential has also resulted to a drop in the research studies. Whereas the assurance by researchers that the protected health information privacy will be upheld, the addition of a lengthy and legalistic section of the privacy of the information might deter away potential volunteers for the conduction of the research study.

In the clinical sector, the introduction of the HIPAA rules as well as the implementation of the stiff penalties with reference to the violation of the rules have led to medical practitioners withholding information even to individuals and organizations that have the right to that information. It has been noted that since the implementation of these rules medical practitioners are less willing to cooperate with reference to the divulging of protected health care information of an individual (Bernat, 2008).

The introduction of these rules has also negatively impacted on the financial cost of the medical practitioner. The introduction of the rues means more paper work and more staff for the institution. Some medical institutions have also been forced to turn to HIPAA consultancy on guidance on how to implement and apply the HIPAA rules. This has led to extra expenses to the institutions to which they had not budgeted and foreseen.

Ethically the HIPAA rules leave the medical practitioner with the uphill task of choosing between making the professional choice and withholding information. By law the medical practitioner is required to reveal any information that he/she sees to be dangerous. For example a patient suffering from drug resistant TB and does not seek medication should be quarantined from the rest of the public until he/she is cured. It is not right therefore for the medical practitioner to withhold such vital information because the individual is not only a threat to himself but also a bigger threat to the public as he can infect the rest of the public with the dangerous strain (Wiener, 2011).

Health professionals are also torn between the task and duty of protecting the patient and the duty to protect the patient from himself or someone else. It is up to the medics to put into use their medical and professional judgment, and to also make the choice to consult with other medics and attorneys or hospital committees. To avoid violation of the HIPAA rules the medical practitioner must first sort legal consultations first before carrying out any activity.

In another instance, an individual might seek to have fertility treatment in a hospital yet he/she has a medical condition that might harm the fetus. The individual withholds this vital information form the current doctor, however, the previous doctor is aware of the condition. What is the right thing to do? Should the doctor keep the vital information to himself or should he divulge the confidential information to his colleague. The previous doctor might want to give the information to the current doctor but that will mean violating the privacy rule and thereby breaking the patient-doctor relationship that he had with the patient. On the other hand the previous doctor has a social responsibility to do what is right (Tuchet, & Yates 2004).

The right that gives the patient the freedom to decide what information he/she should share also leaves the medics in a fix. Medics are required to write all the information that is clinically significant for the appropriate diagnosis and treatment of the client. Sometimes the medic might be obliged to present the information to court as evidence in criminal situations. It is therefore the task of the medical practitioner to determine whether the information that he/she is requesting from the client is medically significant and clinically appropriate. By sharing the limits of confidentiality with the client the medic also risk making the client to withhold important information that would have other wise been relevant for his/her treatment.

A medical professional very keen on following the HIPAA rules might in the process unconsciously fail to appropriately present the regulations to the client. According to psychologist Mark Hochhauser, the HIPAA regulations are not written in simple English. This therefore means that they may require further explanation and interpretation. In a circumstance where a medic gives the clients a written out consent form regarding the abiding of the HIPAA regulations , the clients might interpret the information in his/her won way and as a result claim to be violated when the medical practitioner has to enquire of confidential information (Tim, 2010).

One report that was reported in the New York Times in 2007 showed the story of one man Gerard Nussbaum who declared that he will not take care of his ailing father-in –law after he accessed his medical files and realized that his father-in-law has suffered a stroke. The hospitals held the notion that the Nussbaum who was the next of kin to the patient violated the rights of the patient by accessing his information without the consent of the parent. What seemed to be a looming court case ended prematurely when Mr. Nussbaum was able to clarify that he had every right to know the condition and medication that the patient was receiving. This brought into focus the various interpretations of the HIPAA rules, the frustrations as well as the perils that come about as result of the misunderstanding of the HIPAA regulations and rules.

Studies conducted have also indicated how the HIPAA regulations and the fear of penalties regarding the violation of the rules have affected the information flow from psychiatric hospitals. It has been suggested that the psychiatric hospitals can address the misinformation and the fear of HIPAA by understanding how to properly implement the privacy rule. Clear understanding of the rules ensures that the institution does not interfere with the care of the patients (Gross, 2007).

Conclusion

The understanding of the HIPAA rules and regulations is the first step to understanding the professional conduct of the medics so as to handle situations arising when patients or next of keen complain that heir rights have been violated. The most contentious rule that is affecting the medical field is the privacy rules. The medical practitioner should discuss with client on what it entails to be confidential so that he as the medic is able to acquire all the relevant information that is needed with regards to the treatment of the clients. Similarly the client should be comfortable enough to divulge all the information that is needed so as to receive the appropriate treatment.

Annotated Bibliography

Tim Wafa (2010). “How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy”. Northern Illinois University Law Review, retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1547425.

This paper discusses the HIPAA regulations and rules as well as indication circumstances that show severe flaws that severely compromise the privacy of the patient. The paper discusses how HIPAA rules with regards to the technology implementation give excess latitude to covered entities and as result the rules that have been set with the main purpose of protecting the health information of an individual fail.

Gross, J. (2007). Keeping patients’ details private even from Kin retrieved from http://www.nytimes.com/2007/07/03/health/policy/03hipaa.html?ex=1341115200&en=19160c75b9633d68&ei=5090&partner=rssuserland&emc=rss on 23rd April 2011.

This is a newspaper article that carried the story of how a hospital kept patients details from the next of kin and how the kin got hold of the information and said that as the next of kin he was obliged to get that information. However, the hospital felt that the kin had breached the privacy act of the HIPAA. The article is a clear indication of the obstacle that occurs as a result o misunderstanding and misinterpretation of the HIPAA rules.

Tuchet, B. &Yates W. (2004).Brief Reports: The Impact of Fear of HIPAA Violation on Patient Care retrieved from http://psychservices.psychiatryonline.org/cgi/content/full/55/5/575 on 23rd April 2011

The journal focuses on the HIPAA rules and the compliance of these rules by mental health professionals. The journal also studies several cases in which several psychiatric hospitals refused to divulge a patient’s protected information on the basis of violating the HIPAA.

Wiener, J. (2011). Balancing between two goods: Health Insurance Portability and Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences archival and historical special collections retrieved from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3016646/ on 23.

This journal investigates the recommendations for establishing institutional collection guidelines and policies that will protect the integrity of the precious records of clients and at the same time uphold the privacy and confidentiality of those that are covered by the HIPAA.

Hope, B& Ronald, H. (2006). Communication and records: HIPAA issues when working in health settings retrieved from http://psycnet.apa.org/index.cfm?fa=buy.optionToBuy&id=2006-07098-008 on 23rd of April 2011

This journal focuses on the original mandate of the HIPAA regulations. The journal focuses on the clients’ record keeping requirement as well as the communication of information between the client and his/her patient in the provision of better health care. HIPAA rules that are relevant to the setting of the medical field are discusses with focus on factors that affects psychologist in their line of duty with reference to the HIPAA rules.

Kapp, B. (2006). Ethical and legal issues in research involving human subjects: do you want a piece of me. Retrieved from http://jcp.bmjjournals.com/content/59/4/335.full on 23rd of April 2011

These medical journal studies the underlying ethical principles that affect the conducting of research using human beings as the test subjects. Biomedical research studies on human beings have several ethical issues such as dignity and privacy. The journal studies this with reference to the HIPAA rules and regulations.

Lindh, W. & Dahl, B. (2009). Delmar’s comprehensive medical assisting: administrative and clinical. Cengage learning

The book specifically focuses on the legal and ethical issues that are related to the HIPAA rules and regulations. Matters of privacy such as informing the client on the confidentiality of the information that he/she gives as well as the freedom to choose the information that the client will give are highlighted.

Bernat, J. (2008). Ethical issues in neurology. Lippincott Williams & Wilkins

The book exhaustively covers the issues that affect the efficient analysis of the neurological patients with reference to the HIPAA. The book clearly discusses the HIPAA rules and how they affect the medical field if not properly interpre4ted.