HIPAA VIOLATIONS

ase Study 2: HIPAA Violations
Health care leaders must understand and respect the depth of the ethical implications related to the use of technology and data in all aspects of management, from patient care to operations management. The U.S. Department of Health & Human Services Office for Civil Rights (OCR) identifies real-life cases of HIPAA violations on its website and these cases are shared in the media.
Chapter 7 of the Ethics and Professionalism for Healthcare Managers text summarizes six of the most significant violation cases in recent years. Choose one of these cases to evaluate. Research the OCR investigation and outcomes in detail. Research the OCR investigation and outcomes in detail. In your main post, summarize the details of the case and violations, and explain how and why actions taken within the organizations violated ethical principles. Recommend a strategy a health care manager might take to ensure this type of violation can be prevented. Be sure to cite and reference your additional research resources in your work.

▶ Health Insurance Portability and Accountability Act
In 1996, Congress passed HIPAA. The Act had several objectives, including providing health insurance coverage for those with pre-existing conditions, reducing fraud and abuse, and standardizing health information. It was also concerned with ensuring security and privacy of health information. The legislation had several titles to address all of these objectives. For example, the Administration Simplification provisions dealt with rules for compliance with this Act. They also addressed electronic claims submission, including standards of privacy, confidentiality, and maintenance of health information. It mandated that there be a unique identifier for each patient, employer, health plan, and provider in an attempt to protect patient privacy (Shi & Singh, 2019).
The positive features of the law were that electronic transfers of data became easier and more cost-effective. Security upgrades also improved the confidentiality of patient data. These efforts protected patients’ right to know how their personal information was used within a healthcare organization. Currently, there is also increased awareness of the potential for violating confidentiality. This awareness has improved patient confidentiality. Improvements include procedures for taking health histories, avoidance of inappropriate conversations about patients, and methods to prevent marketing firms from accessing patient names and addresses. In addition, simple procedures, such as the placement of computers, help avoid unnecessary violations of confidentiality. Ethics aspects of autonomy and respect for patients are part of the provisions of HIPAA.
In 2013, the federal government enacted the Omnibus Final Rule for HIPAA. The Rule requires patient notification when there is confidentiality violation of patient health information. If patients pay out-of-pocket for care, they can request that the provider not report treatment information to their insurance plan. There are also limits on marketing information that a physician can provide without written authorization from the patient. Likewise, the physician cannot sell the patient’s health information without the patient’s written consent. In addition, HCAs must use security in technology when sending copies of the patient’s health information (Health and Human Services, 2015).
In 2017, the Department of Health and Human Services called for volunteers for a pilot study to change HIPAA compliance reviews. Using the data from this study could assist in updating procedures and lead to system-wide compliance. Changes in compliance mechanisms promise 9 billion dollar savings each year. The pilot will assess whether proactive reviews could improve compliance (HIPAA Compliance Journal, 2018). In the pilot test, volunteers would submit their electronic files for review and testing by the HHS. If noncompliance was found, the HHS would provide guidance and an action plan for meeting compliance standards. Once participants achieved compliance, they would receive a certificate and be exempt from review for one year (HIPAA Compliance Journal, 2018).
What do the changes in the HIPAA law mean for health administrators? Of course, they will be responsible for ensuring that their organizations comply with HIPAA and the Omnibus Final Rule. HCAs will also have to ensure that they provide staff training and that documents are correct. If there is an investigation on compliance with the Omnibus Final Rule, HCAs may serve as part of the team that responds to the investigation. HIPAA remains a part of the HCA’s life and will continue to undergo change. While addressing ongoing changes may be stressful, HIPAA’s intent is to prevent harm to the patient and the organization. Therefore, HCAs have an ethical duty to comply with HIPAA’s guidelines, provide accurate patient information, and practice rule utility.

Last Completed Projects