Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule

Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule

HIPAA Policies

The Health Insurance Portability and Accountability Act (HIPAA) is a federal privacy rule that protects individuals from specific health information that is identifiable. The rule permits, though not obligates, covered healthcare providers to avail to their patients, the option to disclose their health information for specific purposes. The specific purposes include health care operations, payment, and treatment (DHHS, 2019). Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule

Impact of HIPAA on System Implementation, Clinical Care and Workflow

HIPAA protects privacy at different levels. Chen & Benusa (2017), note that breaches in healthcare data can cause adverse social and personal impacts for patients as well as their families. These breaches can incur large monetary costs that can affect both the Wall Street as well as health care organization investors (Jackson, 2015). Implementation requires that management and protection of private data should encompass machine learning and AI, allow for anonymization of healthcare genomic data while preserving utility; and ensure sensitive data does not leak.

BUY A PLAGIARISM-FREE PAPER HERE

HIPAA protects patients and in some cases, healthcare provider information. The ‘seven habits’ format for ensuring that HIPAA guidelines are in compliance when delivering services and for workflow are used. The seven habits include documenting the policy and controlling the environment; assigning appropriate oversight for compliance management; ensuring compliance through communication and training; implementation of regular auditing, monitoring, and control; consistent enforcement of control environment; regular screening of personnel; and preventing and responding to gaps and incidence (Joshi, 2008) Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule. Figure 1 shows a representative workflow

Source: Joshi, (2008)

Organizational Policies and Procedures

The healthcare institution will ensure that it develops, adopts, and implements the HIPAA privacy and security procedures and policies by first documenting the same. This will include taking steps when a breach takes place and appointing a security and privacy officer. The officer will need to be well-versed with the HIPAA policies and regulations. Regular assessments for risks will be conducted at random times and frequencies, to identify if any vulnerabilities exist. Doing so will ensure that integrity and confidentiality are maintained with regard to health information. If any risks are identified, remediation and policies’ revision will be done if necessary. Any breaches that are identified will be documented and investigation results notified to relevant authorities. Additionally, all email containing health information and requested by a patient will be encrypted and patients made aware of the purpose of encryption in protecting their privacy. Portable devices containing health information will be regulated with regard to their removal from the healthcare facility Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule. Additionally, a Notice of Privacy Practices will be published and displayed on the healthcare facility’s website and also made available for distribution to the patients.
Reference

Chen, J. Q., & Benusa, A. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), 135-146.

Department of Health and Human Services (2019). Summary of the HIPAA Security Rule. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

Jackson, J. (2015). The Costs of Medical Privacy Breach. MD advisor: a journal for New Jersey medical community, 8(3), 4-12.

Joshi, S. (2008). HIPAA, HIPAA, Hooray?: Current Challenges and Initiatives in Health Informatics in the United States. Biomedical informatics insights, 1, BII-S2007.https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4943069/#!po=8.33333 Assignment: Policy/Regulation Fact Sheet: HIPAA Security Rule