Many health vendors are joining the HITECH bandwagon and are offering their own products and services. All these, products and services, are aimed at protecting against any breaches covered under HIPAA. There has been enough communication within the industry to show that it does not properly distinguish between the two kinds of breaches, i.e., privacy breaches and security breaches.

A privacy breach is said to have been perpetuated, when a properly authenticated and authorized user looks into a patient’s record without any particular need or requirement to do so. For example, a doctor looking at a record of a patient to review information, if he is not treating that person at the moment, is termed as privacy breach.

This privacy breach has to be disclosed under the HITECH regulations. The same doctor, however, cannot be booked for privacy breach when he pulls up the records a week later, as he is treating that patient at that particular time.

A security breach occurs when there is a successful hacking carried out into a system, disks or unencrypted laptops and computers containing identifiable patient details. This also implies a privacy breach, as it is an unauthorized access to private data. But strangely enough, a privacy breach cannot be termed as a security breach.

Many experts conclude that protection against security breaches is a prevention of privacy breaches. Prevention of security breaches can be easily accomplished through a two-factor authentication at the data workstation, locking terminals to prevent improper and unauthorized usage of data; other authentication approaches for clinical users should also be included. The latter is an important way to prevent privacy breaches, but is the more difficult of the two to achieve.

The introduction of HITECH regulations has extended the bite of the HIPAA framework. Healthcare organizations are now required, under law, to disclose a patients privacy breach to the patient who has been effected. In certain cases, a notification of the same has to be made to the secretary of Health and Human Services. This much talked about HIPAA and HITECH compliance and the application and desktop virtualization can therefore be an effective means of protecting against security breaches.

HIPAA privacy rule came in effect on 14^th April, 2003 and regulates usage and disclosure of some parts of information that’s held by employer health plans companies, health care providers and clearinghouses. Privacy rule of HIPAA manages Protected Health Information (PHI). PHI mainly includes all the medical records and payment history of a patient.

Under HIPAA privacy rule, covered entities are required to disclose Protected Health Information within 30 days of request to the individual. Covered entities are also required to disclose the information when a professional suspects illegal or criminal activities like child abuse. Such cases are required to be reported state authorities, immediately.

PHI can also be discloses when it is essential for treatment, health care operations or payments. In some other cases, the covered entities will need permission from the individual to disclose his PHI. But the entities must make sure that only as much information is disclosed as essential for the purpose. The entity that’s disclosing the information must make efforts to ensure that no unnecessary information is disclosed. They are also required to inform about the disclosure of information to any authority, in advance.

All the disclosures should be documented and recorded to keep track of PHI given to various sources. A privacy official should be appointed by covered entities to manage all these information. A contact person should also be appointed who will be responsible to handle all the complaints and all the officials in the covered entity should be trained to handle PHI.

The protected individual also gets many rights, under HIPAA privacy rule. He can request the rectification of any inaccurate information. He has the right to expect complete confidentiality of the information he communicates with his doctors and other medical practitioners. He can also ask the doctor to communicate with him in a particular time-span or through a particular channel, to maintain his privacy. The individual can file a complaint in Department of Health and Human Services office, if he finds any violations in his privacy rights.

HIPAA Privacy rule is helping many individuals to protect their privacy and medical history.

HIPPA stands for Health Insurance Portability and Accountability Act. It This act came in force in 1996 to protect unnecessary disclosure and exploitation of health information of consumers. It is made of two major sets of rules.

1. HIPAA privacy rule: This rule makes it mandatory to keep the personal health information of a person confidential.
2. HIPAA Security Rule: This rule creates privacy standards for electronic health information of patients.

Under HIPPA, following information is protected:

1. Medical Records: These include all kinds of identifiable medical information about a person.
2. Conversations of a patient with his or her doctors and nurses about the treatment
3. Billing information.
4. Medical information in the computer systems of Health Insurance Company.
5. All the information that unnecessary reveals your medical information.

The entities which are bound to comply with HIPAA are known as “covered entities.”
This Act must be followed by the following people:

1. All healthcare providers: These include medical practitioners, clinics, nursing homes and hospitals.
2. Health plan providers: These include HMOs, Medicaid, health plans provided by company, insurance companies and Medicare.

But HIPAA is not a universal law. This means that there are still some agencies which are not required to follow the rules of this act. Not every organization that may have the medical records of a patient is a “covered entity.” Life insurance companies, schools, workers compensation providers and employers are not required to comply with the privacy rules of HIPAA. Municipal offices and state and law enforcement agencies have also been exempted from this act.

HIPAA law provides a number of rights to the patient. They have the right to see and possess a copy of all of their health records that any medical institution has in its records. The institution may charge the patient to provide a copy of the records.

The patient is also entitled to know how his information will be protected. He must be informed of all the circumstances in which his information may be used and shared. A patient can also complaint against insurance company, doctor or any other institution, in case his or her information is misused or leaked without permission.

The privacy rules, which come under HIPAA, are not something, which is completely new for any person. Many people would have gone through the experience of signing the HIPAA form when they went for a visit to the doctor and this form will be stored along with the medical records of the patient. People who have had to undergo any kind of medical tests or those who have been hospitalized before would have to sign a HIPAA form along with many other consent forms.

In 1996, the US Congress passed the health insurance portability and accountability act, which will help in providing more protection for people with regard to insurance and the privacy of their medical information. These rules were also designed to help in improving the security measures with regard to the electronic exchange of data. The privacy rules of HIPAA were enforced in 2003, and these were designed to provide protection for the medical information of all patients like the status of their health, payment for the required health care etc. These rules regarding privacy will ensure that medical records of the patient and the details regarding the payment for the medical facilities are well guarded and protected.

The privacy rules which come under HIPAA state that any person or individual can ask for any kind of incorrect information to be completely removed from their medical records. Every individual also has the right to ensure that the privacy of his or her personal information has been maintained. Personal information pertains to personal contact details like the address, telephone number, social security number etc. If a person does not want any of his personal information to be revealed, then the authorities should respect this right. This law also gives people the right to procure a copy of their medical records whenever they want and this copy should be delivered within thirty days of the request being submitted. If any person feels that the security of his or her personal information has been compromised in any manner, then they can file a complaint with the office of civil rights, which comes under the department of Health and Human Services.

All the health care agencies, which come under HIPAA, should ensure that all the medical records of the patient are kept extremely private and confidential. The payment records of the patients also come under this. Just as how there are exceptions to every rule, this rule does not apply when there is a case of child abuse being investigated and the required information will have to be revealed to the concerned authorities. If someone has placed a request for personal information, then all the required authorization forms should be signed by the concerned individual before any kind of personal medical information or contact information has been released to the concerned authorities. Only the necessary amount of information should be released and nothing more than that should be revealed.  An official should be posted in order to ensure that the privacy of the information has been preserved as much as possible.

HIPAA is the acronym for the health insurance portability and accountability act, which was enforced in 1996 by the Congress in the United States. This act was created so that many problems, which are being faced in the field of medical insurance coverage and regarding the privacy of the medical information of each person, can be taken care of. The security rules, which come under HIPAA, came into force in the year 2003, and the compliance data was implemented in the year 2005. The security rules and the privacy rules are similar in the fact that they help in ensuring that the privacy of the medical information of the patient is not violated. But the point of difference lies in the fact that the privacy rule is mainly concerned with the electronic information. There are three main areas, which come under the security rules, and they are the administrative, physical and technical areas.

Administrative area – According to these rules, all medical facilities and health care centers will follow standard rules and procedures when it comes to protecting the privacy of the patient. There should be a privacy officer who has been stationed to ensure that all the privacy policies are being enacted in the right manner. All employees who will be provided with access to electronic information should be properly identified and they should also be provided with the required authorization, which will not be made available to other employees. Only those employees who need to access this information in order to carry out their daily duties in the right manner should be provided with the authorization to access the personal medical information of all the patients. When any employees who have been outsourced are being provided entry into the health care facility, they should also follow all the rules and regulations, which come under HIPAA. Backup copies of all the medical details of the patient should also be preserved and proper measures should be taken to ensure that all these copies have been properly protected.

There are also security rules with regard to the physical safety of the hardware and the software, which have been used in the processing as well as the storage of all the medical information of the patients. No person can be given access to the medical information of the patients unless he has the required authorization. Maintenance records, security registers, sign-in forms of visitors should be checked in the proper manner. All monitors and screens, which are being used in order to display any kind of sensitive information, should be kept out of reach of the any people who do not have the required authorization.

The technical aspect of all the security rules is concerned with the safety and protection of all computers as well as the network systems and also protecting them from any kind of external invasion. All the transfer as well as the transmission of the data should be performed in a safe as well as secure manner and steps should be taken to ensure that no unauthorized person is able to intercept the information during the process of transmission.

Privacy is something, which holds immense value for a lot of people. But providers of health care have not properly understood the value of this privacy since they freely distribute personal medical information regarding patients. This is a problem which is not only faced by elderly people who are sick but also by children who are students and going to university. Though many parents feel that their 18-year old is just a child, in the eyes of the law, he or she is considered to be an adult and totally capable of making his or her own decision. The need for privacy has now taken the shape of a legal rule. California has its won laws, which govern the privacy of medical information of patients. But in all other parts of the country, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“) has been legally enforced.

People who are involved in the field of healthcare do not realize that they need not discuss the medical condition of the patient even with his or her spouse. According to a recent mandate which has been issued by the department of Health and Human Services, the doctors and other officials in the hospital need not discuss the medical condition of the patient even with the family members when the patient is lying in an unconscious state.  They should make use of their common sense and sense of discretion in order to do what is best for the patient. The exact words of the mandate state “If the patient is not present or is incapacitated, a health care provider may share the patient’s information with family, friends, or others as long as the health care provider determines, based on professional judgment, that it is in the best interest of the patient.”

A doctor or surgeon who has performed some kind of emergency operation on the patient can inform the family members about the health condition of the patient even when the patient is unconscious. A pharmacist has the authority to provide a prescription to the friend of the patient who has been given the authority by the patient to come and collect the prescription. The hospital bill and expenses of the patient can be discussed between the doctor and the child of the patient who is an adult. The bills can be charged to the account of the spouse of the patient. When a health care provider needs some clarification about the dosage of medication being provided to the patient, he can obtain the required information from the health care center where the previous doses of medication have been administered to the patient.

Every patient should ensure that he or she signs all forms which are related to HIPAA so that they can ensure that their medical information will only be provided to their family members in the event of an emergency. It is advisable to contact an attorney who will assist you in the preparation of a HIPAA release form. This will also make sure that the health care providers will provide the information which will be needed by family members in order to make a decision at the right time.

HIPAA is the abbreviation for the health insurance portability and accountability act. The rules regarding privacy, which under HIPAA are quite famous. The United States department of Health and Human Services has created a summary of all the privacy rules, which come under HIPAA. This summary alone is 25 pages long. When this act was first enforced in the year 1996, the rules regarding privacy had mainly been created for protecting the privacy of the medical information of patients. But at the same time they also contain provisions, which will ensure that all the necessary details regarding the medical history of the patient will be revealed so that the right kind of treatment can be made available to the patient. This act will make sure that not every person will have equal access to all your medical records. When the patient wants a health care provider to check all medical records, then he or she can sign a release form, which will provide access to all the medical records of the patient. All kinds of health care plans, health care clearing houses as well as health care providers have been described as covered entities under the act.

All the rules regarding privacy, which come under HIPAA, are applicable to all the business associates who have dealings with health care plans, healthcare clearing houses as well as health care providers. Business associates provide support services to covered entities like legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services. A privacy notice contains details of the kind of information, which should be collected by the health plan, description of the health records of the patient, a summation of rights with regard to health information and the main duties and responsibilities of the health care provider.

The health plan contains all the personal identification information regarding the patient like the name, address, telephone number, the date of birth and the social security number of the patient. It also contains other financial details like the amount of money, which has been currently accumulated in the plan and the current balance, which is available in the health care plan. All the health information regarding the patient like the diagnosis, which has been given by the physician, the current status of the health and details of any medical claims, which have been made so far, should all be included in the details of the health plan.

Whenever you make a visit to your doctor or to the hospital, a notification will be made in your personal health record. This record will contain all details of medical symptoms, which have exhibited themselves in the past, all the tests, which have been previously conducted, the diagnosis, which has been made, and the treatment, which has been prescribed. This will provide all the doctors with all the information which they will need about your past medical history so that they can prescribe the right kind of medical care for you in the future.

HIPAA has led to sweeping changes to health care administration and information systems as health care organizations struggle to achieve cost-effective compliance by 2003. The US Congress enacted the Health Insurance Portability and Accountability Act or HIPAA in 1996. The act covered a wide array of issues surrounding the health insurance industry but in particular it required administration simplification, which addressed the issue of security and privacy of health information.

HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records (whether paper or electronic). HIPAA outlined standards to improve the nation’s health care system by incorporating electronic data exchange between health care providers. The idea of course was to allow various health providers to access the records of a particular patient. So, when a patient visits a new hospital, the covering doctor can access that patients past record and in so doing provide him with better care. However, as one could envisage, this raised a great number of apprehensions with respect to the privacy and confidentiality of people’s medical records. So the legislature created a fundamental list of rules and regulations with which health care providers must comply. And the creation of these rules and regulations gave birth to the industry that is called HIPAA Compliance.

To ensure HIPAA compliance, there are certain key provisions, which need to be followed. For instance, individuals should be able to access their records and request correction of errors. Also, they should be informed about how their personal information will be used. The ‘protected health information’ (PHI) indicates that the information cannot be used for marketing purposes without the clear consent of the patients in question. People should be able to ask their covered entities (which maintain PHI about them), to ensure that their communications with the patient are confidential. It should be possible for people to file formal privacy-related complaints to the Department of Health and Human Services (HHS) Office for Civil Rights. Covered entities should document their privacy procedures, however, they have discretion on what to include in their privacy procedure. They are required to designate a privacy officer and train their employees. Covered entities can use an individual’s information without the individual’s consent if the purpose is to provide treatment, obtain payment for services and to perform the non-treatment operational tasks of the provider’s business. Some of the agencies, government bodies and individuals who can access the medical records of a person under HIPAA compliance rules are the insurance companies, employers, courts, hospitals, or individual physicians. This is also considered as a downside of the HIPAA Privacy rule because sponsors of a research study; makers of drugs for the particular study and the researchers involved in the study are included in this list.

However, the ultimate objective of HIPAA is to increase the efficiency and effectiveness of health information systems through improvements in electronic health care transactions as well as to maintain the security and privacy of individually identifiable health information.