Verified Document

HIPAA And The Medical Profession Term Paper

Experts estimate that 70-80% of the administrative policies and procedures and 20-30% of the technology of the security rule constitute its implementation specifications and other approaches in meeting them. Some approaches are required while some are addressable. Dr. Lazarus says that a particular implementation specification that is addressable allows a physician to perform something else that is equivalent to it but not to ignore the specification. What applies to a solo medical practitioner will not apply to a 200-physician alliance or a 00-bed hospital, for example, but whatever it is, must be in fine shape and carefully documented. Walsh Consulting said that a physician basically needs information systems with five types of technical controls and most vendors or systems have these capabilities within them (Chin). The HIPAA security rule requires controls that will allow access, identify and track down authorized users (Chin 2004). One of these controls is a unique user ID and the other is an automatic log-off and an "addressable" element. It also requires audit controls that record and examine what goes on within a system; integrity controls that will protect data from intentional or un-intentional damage or modification; authentication controls that will ensure those accessing are genuine and actual through passwords, personal identification numbers, tokens, biometric technology or digital certificates; and transmission security controls to protect the information moving through an electronic network (Chin).

Dr; Kibbe explains that encryption is an "addressable" implementation specification under the HIPAA security rule (Chin 2004). A physician is not required to encrypt emails to patients but he must determine if encrypting is the proper option. If he is a solo or small practitioner, he may do away with encryption, but the option is altogether different for a 16-doctor practice, which should use encryption in sending emails through a secure server Dr. Kibbe adds. One problem encountered in using encryption, however, is that patients must use the same software to decrypt the email messages, according to experts. Physicians can, nonetheless, use secure web portals, secure messaging networks or virtual private networks to avoid or solve this problem One such secure messaging network is Medem, Inc., which is partly owned by the American Medical Association.

Physicians complying with HIPAA's security rule need not use anti-virus software but good practice dictates it to keep a computer set running well, according to Paramore (Chin 2004). Compliance costs will vary from physician to physician and depend on individual needs in meeting requirements. Adjustment or compliance with HIPAA rule will not occur overnight but gradually and is better begun early. Meeting the risk analysis requirement alone will take time, as a physician cannot proceed very far without first determining or identifying where to best spend one's money and effort in reducing or containing security risks, Dr. Lazarus emphasizes. This phase alone will take up half a day up to several weeks, depending on the complexity of the organization (Chin).

Privacy and security are major issues for the medical profession, which the HIPAA seeks to address as part of a broad and overall attempt at reforming the health care system (Website Tonight 2003). HIPAA consists of the Transaction and Code Sets, the Privacy Rule and the Security Rule. The Privacy Rule became effective on April 16, 2003 and requires all those covered to thoroughly review their privacy measures and analyzes risks and gaps so that they can take appropriate steps in upgrading their practice standards.

Most of HIPAA's requirements became effective on June 30, 1997 (Public Law [HIDDEN] ). From thereon, group health plans are obliged to comply with all the non-discrimination, pre-existing...

The Secretary of the Labor is the enforcer of HIPAA portability requirements on group health plans under ERISA and including self-insured arrangements. Participants or those covered may file actions or suit under ERISA. The Secretary of Treasury enforces the health care portability requirements on group health plans, including self-insured arrangements. A violating taxpayer may be subjected to the payment of excise tax.
Local governments exercise control over group and individual requirements imposed by HIPAA on health insurance issuers and these include sanctions available under local laws (Public Law [HIDDEN] ). If the State does not act in those areas within its responsibility in the event of a question or problem, the Secretary of Health and Human Services may perform the function or exercise that right or duty of the State by declaring that it has failed to "substantially" enforce the law, by declaring its federal authority to take over the enforcement responsibility and from there, impose sanctions on insurers, including civil monetary penalties, according to law (Public Law 104-191).

HIPAA does not require an employer to offer or provide health coverage for an employee, because health coverage is voluntary, neither does HIPAA restrict the amount or nature of employee benefits (Public Law [HIDDEN] ). If a new employer does not provide health coverage, the employee may continue to pay for his or her previous employer's plan under the COBRA continuation coverage. An employee who is unable to obtain group coverage may obtain an individual insurance policy from an insurance company. HIPAA guarantees this right to eligible persons who have had coverage for at least 18 months, especially under a group health plan in the most recently covered period; who have not had their group coverage terminated because of fraud or the non-payment of premiums; are ineligible for continuation coverage under COBRA or have exhausted their COBRA benefits; and are not eligible for coverage under another group health plan, by Medicare, Medicaid or an equivalent. An employee can avail of an individual insurance policy whether he or she is laid off, fired or quits a job (Public Law).

Bibliography

American Medical Association. HIPAA-Health Insurance Portability and Accountability Act, June 23, 2004. http://www.ama-assn.org/ama/pub/category/4234.html

Centers for Medicare and Medicaid Services. The Health Insurance Portability and Accountability Act of 1996, 2004. http://cms.hhs.gov/hipaa

Chin, Tyler. Data Guard: the Next HIPAA Mandate. American Medical News. Mobile edition. http://www.ama-assa.org/amednews/2004/05/10/bisa0510.htm

Employee Benefits Security Administration. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). U.S. Department of Labor. http://www.dol.gov/ebsa/pdf/fshipaa.pdf

Gellman, Robert. Medical Privacy in the Electronic Age. HIPAA Basics: Medical Privacy fact sheet 8 (a). Privacy Rights Clearinghouse, 2003. http://www.privacyrighs.org/fs/fs8a-hipaa.htm

Hep-C Alert. HIPAA. Digiscape Communications, 2002. http://www.hep-c-alert.org/links/hipp.html

Legislative and Government Affairs. Health Insurance Portability and Accountability Act of 1996. National Association of Health Underwriters, 2003. http://nahu.org/government/issues/hipaa

Public Law 104-191. Health Insurance Portability and Accountability Act of 1996. 104th Congress, August 21, 1996. http://aspe.hhs.gov/admnsimp/pl104191.htm

US Department of Health and Human Services. Designated Standard Maintenance Organization. Hipaa-dsmo, Dec 2004. http://www.hipaa-dsmo.org

Website Tonight. HIPAA. AMR Healthcare Solutions, 2003. http://app.websitetonight.com/project_root/a/amrhcs/page6.html

Sources used in this document:
Bibliography

American Medical Association. HIPAA-Health Insurance Portability and Accountability Act, June 23, 2004. http://www.ama-assn.org/ama/pub/category/4234.html

Centers for Medicare and Medicaid Services. The Health Insurance Portability and Accountability Act of 1996, 2004. http://cms.hhs.gov/hipaa

Chin, Tyler. Data Guard: the Next HIPAA Mandate. American Medical News. Mobile edition. http://www.ama-assa.org/amednews/2004/05/10/bisa0510.htm

Employee Benefits Security Administration. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). U.S. Department of Labor. http://www.dol.gov/ebsa/pdf/fshipaa.pdf
Gellman, Robert. Medical Privacy in the Electronic Age. HIPAA Basics: Medical Privacy fact sheet 8 (a). Privacy Rights Clearinghouse, 2003. http://www.privacyrighs.org/fs/fs8a-hipaa.htm
Hep-C Alert. HIPAA. Digiscape Communications, 2002. http://www.hep-c-alert.org/links/hipp.html
Legislative and Government Affairs. Health Insurance Portability and Accountability Act of 1996. National Association of Health Underwriters, 2003. http://nahu.org/government/issues/hipaa
Public Law 104-191. Health Insurance Portability and Accountability Act of 1996. 104th Congress, August 21, 1996. http://aspe.hhs.gov/admnsimp/pl104191.htm
US Department of Health and Human Services. Designated Standard Maintenance Organization. Hipaa-dsmo, Dec 2004. http://www.hipaa-dsmo.org
Website Tonight. HIPAA. AMR Healthcare Solutions, 2003. http://app.websitetonight.com/project_root/a/amrhcs/page6.html
Cite this Document:
Copy Bibliography Citation

Related Documents

HIPAA Giving Employees the Freedom
Words: 2167 Length: 7 Document Type: Thesis

Figure 1: Electronic Medical Systems Architecture Source: (Cahn, 2001) The core building blocks of this framework include the presentation and client layers, where web-based applications aligned with the needs of clinicians, specialist MDs and patients. The need for synchronization across Platform, Storage and Infrastructure and Integration areas of this framework dictate the speed and accuracy of responses to all users of the system. Thinking of this framework as the foundation that the

Medical Billing and Coding Can Be Described
Words: 939 Length: 3 Document Type: Essay

Medical billing and coding can be described as the process of presenting and following up on claims to health insurance companies for the purpose of obtaining payment for services provided by the healthcare provider. Regardless of whether an insurance company is government-owned or privately owned company, the process for medical billing and coding is similar for many companies. For an individual to become a specialist in medical billing and coding,

HIPAA Compliant Electronic Medical Record Capture/Management System...
Words: 2724 Length: 10 Document Type: Essay

HIPAA Compliant Electronic Medical Record Capture/Management System The successful outcome of medical processes largely depends on complete, relevant, and timely medical data. Up-to-date and accurate data allows for images of surgical wounds, surgical pathology, and operative techniques to be used in the most efficient ways for patient management. However, while there are technological solutions that could improve medical data storage and retrieval systems, any improvement to medical data systems must include

Lost Medical Records Are Process Errors That
Words: 2059 Length: 6 Document Type: Term Paper

Lost medical records are process errors that can cause significant medical issues affecting patient privacy, care and safety. Furthermore, Federal laws mandate the secure creation, retention and use of medical records to ensure the highest quality of care, security and privacy for patients. Consequently, health care providers, often under severe budgetary limitations, struggle to comply with these legal, medical and ethical mandates. Research appears to show that medical records issues,

An Analysis of Four Medical Codes of Ethics
Words: 2329 Length: 9 Document Type: Essay

Institutional Code of Ethics Today, the healthcare industry is faced with rising costs, increasing regulation and growing numbers of patients with age-related conditions as the Baby Boomer segment of the U.S. population enters their retirement age. Combined with innovations in medical technologies, these trends have created the need for codes of ethics that can provide clinicians and employees with the general guidelines they need to resolve the wide range of day-to-day

Patient Safety Reduce Medical Errors and Increase Patient Safety...
Words: 3077 Length: 12 Document Type: Term Paper

Patient care and recovery statistics demonstrate that the United States has a medical care system with which Americans are less satisfied than other citizens in developed countries. There are many reasons for this: correlation between health and socioeconomic status; non-universality; federal government is not involved in medical planning although it purchases a large percentage of the 14% health care GNP; lobbying and special interest group interference; and political opposition to

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now