Chapter 5 Discussion Questions

2. Discuss the impacts of a breach to healthcare information systems, especially the financial and privacy impacts.

According to Glandon, Smaltz & Slovensky (2008), protecting the privacy of health information is a major issue faced by every healthcare organization; protected health information, privacy and security must be made a priority. Despite the stronger safeguards for patient data required by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, healthcare organizations are still suffering data breach incidents, and those incidents carry a cost. A study by the Ponemon Institute in Traverse City, Michigan estimated that data breaches cost the healthcare system about $6 billion annually (DeGaspari, 2011). The study found that some healthcare organizations lack the resources to secure patient records, or do not treat securing patient data as a priority, and it identified the top three causes of breaches as unintentional employee action, lost or stolen computing devices and third-party snafus. "HIPAA has improved the state of data record security and has enabled better privacy practices," but most organizations are expected not to make the investment and instead to look for ways to just barely meet the requirements (DeGaspari, 2011).

3. What is HIPAA? What are the potential benefits to healthcare organizations to be gained by compliance with HIPAA standards? What are the potential drawbacks?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA was enacted on August 21, 1996, and its Administrative Simplification provisions required the adoption of national standards for the electronic exchange, privacy and security of health information (www.hhs.gov/ocr). The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement that requirement. The standards address the use and disclosure of individuals' health information, called protected health information, as well as individuals' privacy rights to understand and control how their health information is used (p. 1). The rule permits important uses of health information while protecting the privacy of people who seek care; allowing information to flow promotes high-quality healthcare (p. 1).

Complying with the HIPAA standards brings benefits to a healthcare organization. According to Glandon, Smaltz & Slovensky (2008), HIPAA improved quality by making electronic transmission more efficient through a standardized identifier, the National Provider Identifier (NPI), which uniquely identifies the provider and payer source (p. 119). It also reduced paper consumption and improved coordination of insurance benefits and payments. Healthcare organizations are able to move away from health plan-specific reporting and filing requirements, and they maintain patients' personal health information in a secure and confidential manner (Bowers, 2001).

One drawback of the Act for healthcare organizations is cost, especially for larger organizations, which had to hire extra staff, such as a dedicated privacy officer, to keep up with HIPAA requirements (www.finweb.com). The federal mandate also arrived at a time when healthcare organizations were already experiencing reimbursement reductions under the Balanced Budget Act. Healthcare organizations also believed that some elements of the privacy rules impeded their ability to treat patients (Bowers, 2001).

8. What concepts are important to information security policies and procedures? What effect does HIPAA have on healthcare organizations' policies and procedures? Are there any other laws that may affect them?

According to Glandon, Smaltz & Slovensky (2008), two elements are essential to security policies and procedures that maintain data security, privacy and confidentiality. The first is protecting against system failures and external catastrophic events, such as fires, storms, deliberate sabotage and other acts of God, in which critical information could be lost; the second is controlling access to computer files by unauthorized personnel (pp. 125-126).

HIPAA forced healthcare organizations to review their policies and procedures for data and information management and to develop comprehensive plans for security and policy revision. Organizations needed to review their confidentiality policies to cover elements such as access rights, release of information, special handling of specific information, availability and integrity of medical information, and approved methods of information handling (p. 127). According to Feller (2001), the HIPAA security rules resemble a collection of recommended best practices, so an organization that has already adopted sound security practices will not need a huge effort to update its policies and procedures.

Another law that may affect healthcare organizations is the American Recovery and Reinvestment Act of 2009 (ARRA). The Act has provisions that affect health information management, including technology adoption incentives and health information privacy. The privacy provisions came about because of concerns over the confidentiality and transparency of electronic information; they amend the HIPAA Privacy Rule rather than creating new regulation, increasing the protection of patient information and the transparency of how it is used (Rhodes, 2010). The requirements set forth by the HITECH Act of 2009, enacted as part of ARRA, may also affect healthcare organizations.

References

Bowers, D. (2001). The Health Insurance Portability and Accountability Act: Is it really all that bad? Proceedings (Baylor University Medical Center), 14(4). Retrieved from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1305898

DeGaspari, J. (2011). Data breaches cost healthcare system billions. Healthcare Informatics. Retrieved from http://www.healthcare-informatics.com/article/databreaches-cost-healthcare-system-billions

Feller, T. (2001). Impact of HIPAA security rules on healthcare organizations. SANS Institute InfoSec Reading Room. Retrieved from http://www.sans.org/readingroom/whitepapers/policyissues/impact-hipaa-security-rules-healthcareorganizations4957

Financial Web. (n.d.). 5 disadvantages of HIPAA. Retrieved from http://www.finweb.com/insurance/5-disadvantages-of-hipaa.html#axzz2gJ4BZM9u

Glandon, G. L., Smaltz, D. H., & Slovensky, D. J. (2008). Austin and Boxerman's information systems for healthcare management (7th ed.). Chicago, IL: Health Administration Press.

Rhodes, H. (2010). HIPAA, too: Many ARRA privacy provisions amend HIPAA, not create new regulation. Journal of AHIMA, 81(1). Retrieved from http://www.library.ahima.org