HMGT 372 ASSESSMENT 1
Running head: Privacy and Confidentiality 1
Management Tools for Health Care Organizations to Comply with Patient's Legal Rights
Tasha M. Moore
HMGT 372 6980 Legal and Ethical Issues -UMGC
June 30, 2020
Professor Ann Nevers
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 2
Official Title of the Law or Laws
Privacy and confidentiality are two facets of health treatment that are particularly relevant
to a patient. In healthcare privacy refers to an individual's right to keep his or her health
information private. Also, in healthcare confidentiality refers to the responsibility of any
individual entrusted with health records to hold the records confidential. HIPAA is the Health
Insurance Portability and Accountability Act that was created in 1996 and it is a federal law that
was created to provide protection for sensitive patient health information from being disclosed
without the patient’s consent or knowledge. According to Summary of the HIPAA Privacy Rule
(2020), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law
104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the
Secretary of HHS to publicize standards for the electronic exchange, privacy and security of
health information. Collectively these are known as the Administrative Simplification provisions.
HIPAA is not a state law; however, According to Privacy and Security Solutions for
Interoperable Health Information Exchange (2009), in many states, the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) Privacy Rule sets the standard for hospitals’
and doctors’ disclosure of health information for treatment, either expressly or implicitly. There
are some states that do implement HIPAA guidelines, and there are some states that do require
hospitals and doctors to reveal health information to patients by statute. HIPAA’s United States
law code is 42 U. S. Code § 1320d-6 Wrongful disclosure of individually identifiable health
information.
Health Care Organization’s Obligations to meet Patients’ Legal Rights
The HIPAA Protection Rule and the HIPAA Privacy Rule are the legal requirements of
HIPAA that are necessary for every healthcare institution to provide and satisfy the legal
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 3
rights of the patient. The legal obligation of HIPAA law According to Summary of the HIPAA
Security Rule (2020), required the Secretary of the U.S. Department of Health and Human
Services (HHS) to develop regulations protecting the privacy and security of certain health
information.1 To fulfill this requirement, HHS published what are commonly known as the
HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy
of Individually Identifiable Health Information, establishes national standards for the protection
of certain health information. The Security Standards for the Protection of Electronic Protected
Health Information (the Security Rule) establish a national set of security standards for
protecting certain health information that is held or transferred in electronic form. According to
Summary of the HIPAA Privacy Rule (2020), HIPAA Privacy Rule law code is located at 45
CFR Part 160 and Subparts A and E of Part 164. According to Summary of the HIPAA Security
Rule (2020), HIPAA Security law code is located at 45 CFR Part 160 and Subparts A and C of
Part 164. Health plans, health care providers and healthcare clearinghouses are entities that are
required to comply with legal obligations and to comply with the law.
Consequences for Non-Compliance
Failure to comply with the HIPAA guidelines may lead to penalties and prosecutions.
According to HIPAA violations & enforcement (1995-2020), failure to comply
with HIPAA can also result in civil and criminal penalties. If a complaint describes an action that
could be a violation of the criminal provision of HIPAA, Office of Civil Rights (OCR) may refer
the complaint to the Department of Justice (DOJ) for investigation. An example of one real-life
violation of HIPAA on the civil side, which resulted in a multi-million-dollar penalty, was
against two healthcare providers who failed to protect their patient medical records. According to
Reynolds (2019), The University of Rochester Medical Center (URMC) will pay $3 million to
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 4
the Office of Civil Rights (OCR) and take action to correct and settle potential violations of
HIPAA privacy and security rules as part of a settlement announced November 5. Infringement
of the hospital URMC filed allegations of privacy breaches with OCR after the revelation that
secure patient details being published without authorization owing to the destruction of an
unencrypted hard drive in 2013 and the robbery of an unencrypted laptop in 2017, according to
the document. This case was decided in the U.S. District Court. When violating HIPAA on the
criminal side According to Understanding the Potential Consequences of a HIPAA Violation
(n.d.), although rarer, a HIPAA violation can fall into the hands of the Department of Justice if
there has been a criminal violation of rules. Criminal penalties for a HIPAA violation come with
a fine and potentially a prison sentence of up to 10 years. Criminal offenses can include
violations that involve false pretenses or were made with personal gain or malicious intent. A real
life in the news situation According to Donovan (2018), Linda Sue Kalina, a former patient
information coordinator at University of Pittsburgh Medical Center (UPMC), was indicted by a
federal grand jury in Pittsburgh for HIPAA violations. The Butler County resident was charged
on six counts of wrongfully obtaining and disclosing PHI of another person, the Department of
Justice (DOJ) announced June 29. This employee has taken patient details from 111 patients
planning to inflict injury. Kalina risked a penalty of $350,000 or more for up to 11 years in jail.
This case was decided in a Pittsburgh Federal Court.
Health Service Organization Management Actions to meet Legal Obligations for
Patients’ Rights
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 5
First, HIPAA’s significance on electronic medical records According to HIPAA Impact on
Electronic Health Records (2008), HIPAA regulations require that covered entities implement
administrative, physical and technical safeguards that reasonably and appropriately protect the
confidentiality, integrity, and availability of the electronic PHI that it creates, receives, maintains,
or transmits. The three protections are regulated by the HIPAA Protection Policy which allow the
agencies involved to guarantee the arrangements for the security of personal health information
(PHI) are in effect. In addition, HIPAA’s significance when it comes to patients knowing and
obtaining what’s in their medical records According to Individuals’ Right under HIPAA to
Access their Health Information 45 CFR § 164.524 (2020), with limited exceptions, the HIPAA
Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and
receive copies upon request of the information in their medical and other health records
maintained by their health care providers and health plans. They also have patient services that
can enable you to directly view your health records and see what your health care professional
reports mean regarding your appointments, see your condition and what guidance you have been
offered. Lastly, HIPAA’s significance as to who HIPAA law apply to would be healthcare
providers, healthcare plans and healthcare clearinghouses. According to Who Does HIPAA
Apply To? (2017), HIPAA applies to healthcare providers, health plans, and healthcare
clearinghouses if those organizations transmit health data electronically in connection with
transactions for which the Department of Health and Human Services has adopted standards.
Health care providers include all healthcare organizations such as hospitals, private providers'
offices, nursing homes, rehabilitation centers, outpatient centers, pharmacies and dental offices.
Hospital services include health providers and government initiatives.
Conclusion
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 6
HIPAA is the legislation passed in 1996 to safeguard confidential details surrounding patients
' health. There were no legislation in effect previous to HIPAA to shield personal health records,
so no safeguards were in place to secure confidential insurance information that was exchanged
between health care facilities and any agencies that might have needed health details from an
individual. To conclude, the privileges that a patient now has under HIPAA are that they are
entitled to access their medical history, that a patient may request that the details be updated in
their medical records, and that patients have the ability to lodge a complaint with the U. S.
Health & Human Services Agency that people fear their confidential privacy is not being
covered.
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/
Running head: Privacy and Confidentiality 7
Works Cited Donovan, F. (2018, July 2). Former UPMC Worker Indicted for HIPAA Violations. Retrieved
from HealthITSecurity: https://healthitsecurity.com/news/former-upmc-worker-indicted- for-hipaa-violations
HIPAA Impact on Electronic Health Records. (2008, August 21). Retrieved from McGuireWoods: https://www.mcguirewoods.com/client-resources/Alerts/2008/8/HIPAA- Impact-on-Electronic-Health-Records
HIPAA violations & enforcement. (1995-2020). Retrieved from AMA: https://www.ama- assn.org/practice-management/hipaa/hipaa-violations-enforcement#:~:text=Failure
Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524. (2020, January 31). Retrieved from HHS.GOV: https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html
Privacy and Security Solutions for Interoperable Health Information Exchange. (2009, August ). Retrieved from HealthIT.gov : https://www.healthit.gov/sites/default/files/disclosure- report-1.pdf
Reynolds, K. (2019, November 12). HIPAA violations lead to multimillion-dollar penalties. Retrieved from Medical Economics: https://www.medicaleconomics.com/view/hipaa- violations-lead-multimillion-dollar-penalties
Summary of the HIPAA Privacy Rule. (2020). Retrieved from HHS.GOV: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
Summary of the HIPAA Security Rule. (2020). Retrieved from HHS.Gov: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
Understanding the Potential Consequences of a HIPAA Violation. (n.d.). Retrieved from Raintree Systems : https://www.raintreeinc.com/understanding-the-potential-consequences-of-a- hipaa-violation/
Who Does HIPAA Apply To? (2017, October 31). Retrieved from HIPAA Journal: https://www.hipaajournal.com/who-does-hipaa-apply-to/
This study source was downloaded by 100000766134782 from CourseHero.com on 05-16-2022 16:29:32 GMT -05:00
https://www.coursehero.com/file/98036932/HMGT-372-Assignment-1docx/ Powered by TCPDF (www.tcpdf.org)