HMGT 372 ASSESSMENT 1

profileBYSTANDER
HMGT_372_Assignment_SAMPLE.pdf

Running head: Privacy and Confidentiality 1

Management Tools for Health Care Organizations to Comply with Patient's Legal Rights

Tasha M. Moore

HMGT 372 6980 Legal and Ethical Issues -UMGC

June 30, 2020

Professor Ann Nevers

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 2

Official Title of the Law or Laws

Privacy and confidentiality are two facets of health treatment that are particularly relevant

to a patient. In healthcare privacy refers to an individual's right to keep his or her health

information private. Also, in healthcare confidentiality refers to the responsibility of any

individual entrusted with health records to hold the records confidential. HIPAA is the Health

Insurance Portability and Accountability Act that was created in 1996 and it is a federal law that

was created to provide protection for sensitive patient health information from being disclosed

without the patient’s consent or knowledge. According to Summary of the HIPAA Privacy Rule

(2020), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law

104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the

Secretary of HHS to publicize standards for the electronic exchange, privacy and security of

health information. Collectively these are known as the Administrative Simplification provisions.

HIPAA is not a state law; however, According to Privacy and Security Solutions for

Interoperable Health Information Exchange (2009), in many states, the Health Insurance

Portability and Accountability Act of 1996 (HIPAA) Privacy Rule sets the standard for hospitals’

and doctors’ disclosure of health information for treatment, either expressly or implicitly. There

are some states that do implement HIPAA guidelines, and there are some states that do require

hospitals and doctors to reveal health information to patients by statute. HIPAA’s United States

law code is 42 U. S. Code § 1320d-6 Wrongful disclosure of individually identifiable health

information.

Health Care Organization’s Obligations to meet Patients’ Legal Rights

The HIPAA Protection Rule and the HIPAA Privacy Rule are the legal requirements of

HIPAA that are necessary for every healthcare institution to provide and satisfy the legal

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 3

rights of the patient. The legal obligation of HIPAA law According to Summary of the HIPAA

Security Rule (2020), required the Secretary of the U.S. Department of Health and Human

Services (HHS) to develop regulations protecting the privacy and security of certain health

information.1 To fulfill this requirement, HHS published what are commonly known as the

HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy

of Individually Identifiable Health Information, establishes national standards for the protection

of certain health information. The Security Standards for the Protection of Electronic Protected

Health Information (the Security Rule) establish a national set of security standards for

protecting certain health information that is held or transferred in electronic form. According to

Summary of the HIPAA Privacy Rule (2020), HIPAA Privacy Rule law code is located at 45

CFR Part 160 and Subparts A and E of Part 164. According to Summary of the HIPAA Security

Rule (2020), HIPAA Security law code is located at 45 CFR Part 160 and Subparts A and C of

Part 164. Health plans, health care providers and healthcare clearinghouses are entities that are

required to comply with legal obligations and to comply with the law.

Consequences for Non-Compliance

Failure to comply with the HIPAA guidelines may lead to penalties and prosecutions.

According to HIPAA violations & enforcement (1995-2020), failure to comply

with HIPAA can also result in civil and criminal penalties. If a complaint describes an action that

could be a violation of the criminal provision of HIPAA, Office of Civil Rights (OCR) may refer

the complaint to the Department of Justice (DOJ) for investigation. An example of one real-life

violation of HIPAA on the civil side, which resulted in a multi-million-dollar penalty, was

against two healthcare providers who failed to protect their patient medical records. According to

Reynolds (2019), The University of Rochester Medical Center (URMC) will pay $3 million to

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 4

the Office of Civil Rights (OCR) and take action to correct and settle potential violations of

HIPAA privacy and security rules as part of a settlement announced November 5. Infringement

of the hospital URMC filed allegations of privacy breaches with OCR after the revelation that

secure patient details being published without authorization owing to the destruction of an

unencrypted hard drive in 2013 and the robbery of an unencrypted laptop in 2017, according to

the document. This case was decided in the U.S. District Court. When violating HIPAA on the

criminal side According to Understanding the Potential Consequences of a HIPAA Violation

(n.d.), although rarer, a HIPAA violation can fall into the hands of the Department of Justice if

there has been a criminal violation of rules. Criminal penalties for a HIPAA violation come with

a fine and potentially a prison sentence of up to 10 years. Criminal offenses can include

violations that involve false pretenses or were made with personal gain or malicious intent. A real

life in the news situation According to Donovan (2018), Linda Sue Kalina, a former patient

information coordinator at University of Pittsburgh Medical Center (UPMC), was indicted by a

federal grand jury in Pittsburgh for HIPAA violations. The Butler County resident was charged

on six counts of wrongfully obtaining and disclosing PHI of another person, the Department of

Justice (DOJ) announced June 29. This employee has taken patient details from 111 patients

planning to inflict injury. Kalina risked a penalty of $350,000 or more for up to 11 years in jail.

This case was decided in a Pittsburgh Federal Court.

Health Service Organization Management Actions to meet Legal Obligations for

Patients’ Rights

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 5

First, HIPAA’s significance on electronic medical records According to HIPAA Impact on

Electronic Health Records (2008), HIPAA regulations require that covered entities implement

administrative, physical and technical safeguards that reasonably and appropriately protect the

confidentiality, integrity, and availability of the electronic PHI that it creates, receives, maintains,

or transmits. The three protections are regulated by the HIPAA Protection Policy which allow the

agencies involved to guarantee the arrangements for the security of personal health information

(PHI) are in effect. In addition, HIPAA’s significance when it comes to patients knowing and

obtaining what’s in their medical records According to Individuals’ Right under HIPAA to

Access their Health Information 45 CFR § 164.524 (2020), with limited exceptions, the HIPAA

Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and

receive copies upon request of the information in their medical and other health records

maintained by their health care providers and health plans. They also have patient services that

can enable you to directly view your health records and see what your health care professional

reports mean regarding your appointments, see your condition and what guidance you have been

offered. Lastly, HIPAA’s significance as to who HIPAA law apply to would be healthcare

providers, healthcare plans and healthcare clearinghouses. According to Who Does HIPAA

Apply To? (2017), HIPAA applies to healthcare providers, health plans, and healthcare

clearinghouses if those organizations transmit health data electronically in connection with

transactions for which the Department of Health and Human Services has adopted standards.

Health care providers include all healthcare organizations such as hospitals, private providers'

offices, nursing homes, rehabilitation centers, outpatient centers, pharmacies and dental offices.

Hospital services include health providers and government initiatives.

Conclusion

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 6

HIPAA is the legislation passed in 1996 to safeguard confidential details surrounding patients

' health. There were no legislation in effect previous to HIPAA to shield personal health records,

so no safeguards were in place to secure confidential insurance information that was exchanged

between health care facilities and any agencies that might have needed health details from an

individual. To conclude, the privileges that a patient now has under HIPAA are that they are

entitled to access their medical history, that a patient may request that the details be updated in

their medical records, and that patients have the ability to lodge a complaint with the U. S.

Health & Human Services Agency that people fear their confidential privacy is not being

covered.

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/

Running head: Privacy and Confidentiality 7

Works Cited Donovan, F. (2018, July 2). Former UPMC Worker Indicted for HIPAA Violations. Retrieved

from HealthITSecurity: https://healthitsecurity.com/news/former-upmc-worker-indicted- for-hipaa-violations

HIPAA Impact on Electronic Health Records. (2008, August 21). Retrieved from McGuireWoods: https://www.mcguirewoods.com/client-resources/Alerts/2008/8/HIPAA- Impact-on-Electronic-Health-Records

HIPAA violations & enforcement. (1995-2020). Retrieved from AMA: https://www.ama- assn.org/practice-management/hipaa/hipaa-violations-enforcement#:~:text=Failure

Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524. (2020, January 31). Retrieved from HHS.GOV: https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html

Privacy and Security Solutions for Interoperable Health Information Exchange. (2009, August ). Retrieved from HealthIT.gov : https://www.healthit.gov/sites/default/files/disclosure- report-1.pdf

Reynolds, K. (2019, November 12). HIPAA violations lead to multimillion-dollar penalties. Retrieved from Medical Economics: https://www.medicaleconomics.com/view/hipaa- violations-lead-multimillion-dollar-penalties

Summary of the HIPAA Privacy Rule. (2020). Retrieved from HHS.GOV: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

Summary of the HIPAA Security Rule. (2020). Retrieved from HHS.Gov: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

Understanding the Potential Consequences of a HIPAA Violation. (n.d.). Retrieved from Raintree Systems : https://www.raintreeinc.com/understanding-the-potential-consequences-of-a- hipaa-violation/

Who Does HIPAA Apply To? (2017, October 31). Retrieved from HIPAA Journal: https://www.hipaajournal.com/who-does-hipaa-apply-to/

This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00

https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/ Powered by TCPDF (www.tcpdf.org)