ARGUMENT The regulations set in place according to the Health Insurance Portability and Accountability Act of 1996 is rather complex. According to HIPAA regulations, “covered entitiesâ€, which include health plans, health care providers that include hospitals and clinics, should make an effort to limit the use and disclosure of confidential patient information (Lorence, 2004). In a nutshell, the identifiable information that is obtained from these groups should not be disclosed without prior written authorization from the patient.
Here is the exception to the rule, which has resulted in countless violations of HIPAA mandates these past 12 years since the law’s ratification: clinicians may use and share information necessary for the treatment of patients; the institution can use the patient information to obtain or give reimbursement or payment for services rendered. Additionally, the institution can use or disclose information for a variety of policy and assessment activities that range from quality assurance, evaluation of outcomes. The exceptions to the rules are a reason why there are literally over 20,000 cited violations against confidentiality (Gostin, Hodge & Valdiserri, 2001).
The complexity of the rules not only increases the red tape in medical documentation, resulting in physicians and clinical care providers to fill out forms that ensure confidentiality, which incidentally decreases patient interaction time. Another spectrum that must be addressed is the effects on research. Since the 2003 implementation of the privacy rules, which are added into HIPAA, there are studies (Lela, and Beachboard, 2007) that show HIPAAhas actually imposed more barriers to research in academic health centers, thereby slowing the pace of research, which lead to increasing costs and decreases the propensity of subjects taking part in important research studies. This affects future population-based research in that it prevents research institutions to collect patient contact information for fear o violating laws (Kolton, Costa and David, 2002).
In 2003, the HIPAA Privacy Rules was passed to increase further restrictions, however, by in doing so actually impacted the manner in which health care plans handle the privacy of plan participants’ medical records. In the original HIPAA law of 1996, the law prohibited sharing of medical information without written or authorized consent from the patient, with certain exceptions, namely, the care providers’ ability to share patient information with other health care professionals especially if it was necessary for treatment of the patient in the event the patient had a medical disorder (West, 1996). A scenario that necessitated this would be a patient who was suffering from a myocardial infarction, it would be pertinent for the family practioner to share patient health information, particularly the patient’s vitals, patient’s blood type, the medical drugs the patient is taking, as well as any allergies to medication. These are critical information that is necessary for proper treatment of the patient’s myocardial infarction as the cardiologist would require these files to make a proper prognosis and establish a treatment plan.
However, with the passing of the 2003 HIPAA Privacy Rules, there have been significant restrictions. The proposed changes would permit direct cae providers to use and internally disclose protected health information for their own treatment, payment or health care operations without prior consent. Prior to the passing of the 2003 HIPAA Privacy Rules, the physicians had limited access and could share limited patient information internally, and it was the patient who made decisions. Recent law now places the medical care provider as being equal to the patient or having the same power as the patient by allowing it to make decisions that should be made by the patient. One particular aspect that should be addressed is that prior the 2003 HIPAA Privacy Rule, research companies and academic groups were able to contact patients and ask them if they would be interested in taking part of clinical research. However, with the 2003 HIPAA Privacy Rules, medical care providers were denying research groups the right to contact patients and by doing so, affecting research process (APA Privacy Concerns, 2005).
There have been some complaints related to the access of personal protected health information. Incidentally it should be noted that this is one of the most common type of HIPAA privacy rule complaint filed by patients. These complaints towards HIPAA include the host cost that some entities charge, restrictions for patient access to their information (Pandiani, Banks, and Schacht, 1998). One rather unique complaint that many patients make is that the privacy rules contain complex provisions that affects the patient’s right to access their PHI, which result in limitations for patients to make amendments to their PHI (West, 1996).
The paper written by Backlar (1996) addresses issues how medical information has been debated in the fields of medicine and justice as being sacrosanct. The author also points out that many governing institutions have promulgated laws and policies to protect patient privacy. Despite the current benefits of confidentiality via HIPAA, the current literature concedes that the demand of absolute confidentiality remains unrealistic, in particular, as what the author cites is the prevalence of online information and high speed communication. This article reiterates the importance of the necessity of an amendment to be made for HIPAA in which patients have the right to make amendments to their PHI with fewer restrictions (Gostin, Hodge, and Valdiserri, 2001).
There are privacy experts, policy analysts and researchers as well as legislators how warn that without strong safeguards, the medical data network encouraged by HIPAA could be used to deny benefits to people with certain physical or mental ailments; in addition, it could be used to allow erroneous information to be freely spread throughout the system (Kassebaum-Kennedy health bill, 1996).
The role of a manager working in the mental health field is dependent on the structures that are set in place, the ethical code of conduct that is prescribed to be followed. Health managers must abide by the HIPAA laws, but at the same time, the same laws that are designed to protect patients, these same laws are producing a rebound effect (Dlugacz, Restifo & Greenwood, 2004). This rebound effect includes the increase in red tape, the spawning of medical informatics corporations that provide analysis. The end effect of these laws include a reduction in research, increase in prices, restrictions on patients’ ability to amend certain health information, and a longer duration time.
Landros (2004) illustrate how additional HIPAA Laws have actually affected the quality of medical care especially in regards to minors and the role of parents for children below 18 years of age. The complex patchwork of federal and state laws that allow adolescents to seek confidential family-planning and mental-health services without their parents’ consent. The electronic medical records system is not fool proof and because these patients are still minors, they cannot be placed onto their own security agreements nor can they make amendments on their online records. Patients that are still considered minors, under the law, are unable to make decisions against their own health information, but according to the 2003 HIPAA Privacy Laws, many decisions about whether to notify parents about protected health care information is done by the health care providers (Landro, 2005). This is an example of an ethical dilemma that has been seen throughout the country regarding the HIPAA Privacy Laws.
Linkback:
https://tubagbohol.mikeligalig.com/index.php?topic=56036.0