Difference between revisions of "Health Insurance Portability and Accountability Act"

From LIMSWiki
Jump to navigationJump to search
(Modified some items. Saving and updating more.)
m (Fixed URL)
Line 46: Line 46:
==Assessed impact==
==Assessed impact==


The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal ''Annals of Internal Medicine''.<ref name="WilsonAnnals">{{cite journal |author=Wilson, Jennifer Fisher |title=Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers |journal=Annals of Internal Medicine |volume=145 |issue=4 |pages=313–6 |year=2006 |pmid=16908928 |doi=10.7326/0003-4819-145-4-200608150-00019 |accessdate=11 February 2015}}</ref> It mentioned a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.<ref name="Armstrong">{{cite journal |author=Armstrong, David; Kline-Rogers, Eva; Jani, Sandeep M.; Goldman, Edward B.; Fang, Jianming; Mukherjee, Debabrata; Nallamothu, Brahmajee N.; Eagle, Kim A. |title=Potential Impact of the HIPAA Privacy Rule on Data Collection in a Registry of Patients With Acute Coronary Syndrome |journal=Archives of Internal Medicine |volume=165 |issue=10 |pages=1125–9 |year=2005 |pmid=15911725 |doi=10.1001/archinte.165.10.1125 |accessdate=11 February 2015}}</ref>  
The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal ''Annals of Internal Medicine''.<ref name="WilsonAnnals">{{cite journal |author=Wilson, Jennifer Fisher |title=Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers |journal=Annals of Internal Medicine |volume=145 |issue=4 |pages=313–6 |year=2006 |pmid=16908928 |doi=10.7326/0003-4819-145-4-200608150-00019 |accessdate=11 February 2015}}</ref> It mentioned a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.<ref name="Armstrong">{{cite journal |url=http://archinte.jamanetwork.com/article.aspx?articleid=486568 |author=Armstrong, David; Kline-Rogers, Eva; Jani, Sandeep M.; Goldman, Edward B.; Fang, Jianming; Mukherjee, Debabrata; Nallamothu, Brahmajee N.; Eagle, Kim A. |title=Potential Impact of the HIPAA Privacy Rule on Data Collection in a Registry of Patients With Acute Coronary Syndrome |journal=Archives of Internal Medicine |volume=165 |issue=10 |pages=1125–9 |year=2005 |pmid=15911725 |doi=10.1001/archinte.165.10.1125 |accessdate=11 February 2015}}</ref>  


By 2013, views on the impact of HIPAA were mixed. Leon Rodriguez, director of the HHS' Office for Civil Rights said of HIPAA:
By 2013, views on the impact of HIPAA were mixed. Leon Rodriguez, director of the HHS' Office for Civil Rights said of HIPAA:

Revision as of 19:18, 11 February 2015

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Its intended purpose was "to improve portability and continuity of health insurance coverage in the group and individual markets; to combat waste, fraud, and abuse in health insurance and health care delivery; to promote the use of medical savings accounts; to improve access to long-term care services and coverage; [and] to simplify the administration of health insurance."[1]

History

Structure

HIPAA is divided into five titles:

Title I: Health Care Access, Portability, and Renewability

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

Title III: Tax-Related Health Provisions

Title IV: Application and Enforcement of Group Health Plan Requirements

Title V: Revenue Offsets

Description

Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.[2] Title II also addresses the security and privacy of health data, with the intend of improving the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Enforcement

On February 16, 2006, HHS issued the Final Rule regarding HIPAA enforcement. It became effective on March 16, 2006. The Enforcement Rule set civil money penalties for violating HIPAA rules and established procedures for investigations and hearings for HIPAA violations. Before the enforcement rule, the deterrent effects of the legislation seemed negligible, with few prosecutions for violations.[3] Enforcement operations were ratcheted up further with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, which greatly increased the financial penalties that could be applied to entities in non-compliance.[4]

By the end of 2014, the U.S. Department of Health and Human Resources (HHS) reported investigating 106,522 HIPAA complaints against national pharmacy chains, major health care centers, insurance groups, hospital chains and other small providers since April 2003. The HHS reported 23,314 of those cases had been resolved by requiring changes in privacy practice or by corrective action. 10,566 cases were investigated and found that HIPAA was followed correctly. Another 68,412 cases were found to be ineligible for enforcement because, for example, a violation occurred before HIPAA became effective, a case was withdrawn by the pursuer, or an activity did not actually violate the rules.[5]

According to the HHS, the most commonly investigated compliance issue, by order of frequency, have been[5]:

  1. incorrectly used or revealed protected health information (PHI);
  2. insufficient protection mechanisms for PHI;
  3. insufficient mechanisms for patients to access their PHI;
  4. insufficient administrative protections and tools for managing electronic PHI; and
  5. usage and disclosure of more PHI than minimally necessary.

The HHS also stated the entities most likely to be responsible for infractions, by order of frequency, have been[5]:

  1. private practices;
  2. general hospitals;
  3. outpatient facilities;
  4. pharmacies; and
  5. health plans (group health plans and health insurance issuers).

Assessed impact

The enactment of HIPAA caused major changes in the way physicians and medical centers operate. The complex legalities and potentially stiff penalties associated with HIPAA, as well as the increase in paperwork and the cost of its implementation, were causes for concern among physicians and medical centers. Many of those concerns were expressed in an August 2006 paper published in the journal Annals of Internal Medicine.[6] It mentioned a University of Michigan study that demonstrated how the implementation of the HIPAA Privacy rule resulted in a drop from 96 percent to 34 percent in the proportion of follow-up surveys completed by study patients being followed after a heart attack.[7]

By 2013, views on the impact of HIPAA were mixed. Leon Rodriguez, director of the HHS' Office for Civil Rights said of HIPAA:

Whereas many thought HIPAA would "bankrupt" healthcare, shut down research, and otherwise paralyze the industry, instead the industry has learned the benefits of the transaction and code set standards through the ease of electronic transactions. And the balance of the [HIPAA] Privacy and Security protections have paved the way to real benefits for consumers through greater access to quality care.[4]

In an article for the Houston Chronicle, writer and business consultant Lisa Dorward stated the following for patients requesting personal health information:

Direct cost to patients is minimal; health care institutions can charge the patient only for copying and postage costs for delivery of the documents. On the other hand, costs to health care providers are high and can strain already overburdened budgets. Some clinics and hospitals have had to reconstruct or remodel existing registration areas to comply with HIPAA's privacy regulations.[8]

Writing for the Loyola Consumer Law Review, attorney and legal writer Anna Colvert wrote:

Generally, HIPAA is considered a step in the right direction regarding patient privacy, and it has resulted in more descriptive and detailed privacy policies; however, it has not improved the online privacy practices of these organizations. While HIPAA is a solid foundation in protecting patients’ healthcare information there is more work to be done..."[9]

A May 2013 Computerworld reported on a survey conducted by the Ponemon Institute that found 51 percent of respondents believed "HIPAA compliance requirements can be a barrier to providing effective patient care" and 59 percent "cited the complexity of HIPAA requirements as a major barrier to modernizing the healthcare system."[10]

Audit guidelines and checklist

For those auditing computer systems and IT environments for their compliance with the Health Insurance Portability and Accountability Act and other regulations, a set of guidelines and checklist items may be useful.

Click the link above for the full set of guidelines and checklist items as they relate to HIPAA.

Further reading


References

  1. "Public Law 104 - 191 - Health Insurance Portability and Accountability Act of 1996". U.S. Government Publishing Office. http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/content-detail.html. Retrieved 11 February 2015. 
  2. "Overview HIPAA - General Information". Centers for Medicare and Medicaid Services. http://www.cms.gov/HIPAAGenInfo/. Retrieved 28 February 2012. 
  3. Stein, Rob (5 June 2006). "Medical Privacy Law Nets No Fines". The Washington Post. http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672.html. Retrieved 28 February 2012. 
  4. 4.0 4.1 Solove, Daniel J. (April 2013). "HIPAA Turns 10: Analyzing the Past, Present and Future Impact". Journal of AHIMA 84 (4): 22–28. http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_050149.hcsp?dDocName=bok1_050149. Retrieved 11 February 2015. 
  5. 5.0 5.1 5.2 "Enforcement Highlights". U.S. Department of Health and Human Services. 15 January 2015. Archived from the original on 11 February 2015. https://web.archive.org/web/20150211170207/http://www.hhs.gov/ocr/privacy/hipaa/enforcement/highlights/index.html. Retrieved 11 February 2015. 
  6. Wilson, Jennifer Fisher (2006). "Health Insurance Portability and Accountability Act Privacy Rule Causes Ongoing Concerns among Clinicians and Researchers". Annals of Internal Medicine 145 (4): 313–6. doi:10.7326/0003-4819-145-4-200608150-00019. PMID 16908928. 
  7. Armstrong, David; Kline-Rogers, Eva; Jani, Sandeep M.; Goldman, Edward B.; Fang, Jianming; Mukherjee, Debabrata; Nallamothu, Brahmajee N.; Eagle, Kim A. (2005). "Potential Impact of the HIPAA Privacy Rule on Data Collection in a Registry of Patients With Acute Coronary Syndrome". Archives of Internal Medicine 165 (10): 1125–9. doi:10.1001/archinte.165.10.1125. PMID 15911725. http://archinte.jamanetwork.com/article.aspx?articleid=486568. Retrieved 11 February 2015. 
  8. Dorward, Lisa. "The Positive and Negative Effects of HIPAA Employment Laws". Houston Chronicle. Hearst Newspapers, LLC. http://smallbusiness.chron.com/positive-negative-effects-hipaa-employment-laws-18500.html. Retrieved 11 February 2015. 
  9. Colvert, Anna (2013). "HIPAA'S Influence on Consumers: Friend or Foe?". Loyola Consumer Law Review 25 (4): 431–447. http://lawecommons.luc.edu/lclr/vol25/iss4/6/. Retrieved 11 February 2015. 
  10. Mearian, Lucas (7 May 2013). "HIPAA rules, outdated tech cost U.S. hospitals $8.3B a year". Computerworld.com. Computerworld, Inc. http://www.computerworld.com/article/2496995/healthcare-it/hipaa-rules--outdated-tech-cost-u-s--hospitals--8-3b-a-year.html. Retrieved 11 February 2015.