Health Insurance Portability and Accountability Act

The Act, which was enacted in 1996, is commonly referred to as the Kennedy-Kassebaum Act in honor of its two leading sponsors. Through sections 261 to 264, the Act gives the Secretary of HHS the authority to publish standards for the privacy, security and electronic exchange of health information. These standards are collectively referred to as the Administrative Simplification rules and are covered in the second title of the Act. The first title deals with the protection of health insurance for workers and their families when they lose or change their jobs. The second title of the Act is particularly important for the role it plays in the privacy of patient information and in maintaining strict confidentiality of patient-doctor information (Kulynych & Korn, 2013). Under these provisions, HIPAA directs the Secretary to issue regulations governing the privacy of individually identifiable health information. Following this mandate, the Privacy Rule was published in 2000 after a series of comments from the department as well as the general public. The Privacy Rule received its final modifications in 2002, after more than 11,000 comments from the general public.

The prominence of the HIPAA laws in relation to the second title can be attributed to their increasing role in protecting the privacy of health information. The Act binds health professionals to maintain the highest standards of confidentiality in achieving this goal. The HIPAA laws protect a wide range of health information depending on the sensitivity of the specific information in the medical field. Information recorded in patients' medical records is given high priority in this undertaking. Nurses, doctors and other health care providers are required by law to maintain the privacy of such information and to seek consent from patients before it is used. In addition, information generated from conversations between nurses and doctors regarding a patient's care is also covered by the Act. The Act does not, however, confine its rules to these two types of information but goes further to cover the patient's billing information at the clinics they attend. Information about individuals held in the computer systems of health insurers is also protected and cannot be used without the patient's consent. More broadly, all other health information about individuals held by persons covered by the law is also assured of privacy under the Act (Wu, 2014).

The HIPAA laws provide for the protection of the privacy of health information at all costs. Unknown to most, the reception area is one of the most important points for meeting this requirement and is also one of the most vulnerable. To maintain this privacy, the receptionist must therefore ensure that Identifiable Patient Information is kept out of the view of walk-in patients. Consequently, information relating to charts, claims, the appointment book and even checks should be kept private. Moreover, all conversations with patients and their family members must be held in private, especially when they relate to their health and financial status. Confidential matters must be discussed in a separate, isolated room to ensure that no other person can access the information unlawfully. To maintain the security of such information, the computer screen in the reception area should be visible only to the receptionist so as to prevent unauthorized viewing. Other assets such as passwords must be kept concealed to avoid hacking, and the password-remembering feature should be turned off on the computers (Kulynych & Korn, 2013). The relationship between compliance with the HIPAA laws and the running of the reception area cannot therefore be underestimated.

The use of charts to record health information is common in hospitals and carries the risk of undermining the HIPAA regulations. Thus, these charts must be used in a systematic manner to ensure the maximum security and privacy of the associated information. In view of this, charts must be kept away from unauthorized access at all times. For instance, the entire chart or file must not be provided when only specific information is requested. Instead, only the particular date of service that is requested should be provided, unless there are valid reasons for disseminating the entire chart. In addition, communications with patients via email must be accompanied by the necessary entries in the patient's medical chart. The purpose of this rule is to ensure that all communications are warranted and that only the required information is provided through them. To ensure the security of patient records, users of the databases must limit access to patients' medical records and charts. In fact, only the medical team involved in a patient's care should have access to that patient's information. Thus, doctors must not have access to the health information of patients who are not under their care (Annas, 2010). Finally, users must verify that the persons requesting patient information correspond with the entries in the charts, so that such information is not given to impostors.

The security of the computers used to access health information is also important in sustaining compliance with the HIPAA regulations. It is therefore paramount that the security of such computers is ensured and that their access is limited to authorized users. For instance, the computers must be positioned so that their screens are visible only to the receptionist and that visitors to the area cannot see health information even by accident. The passwords used to access such computers, as well as secured websites, must be kept away from the eyes of the general public. In fact, such information should not be visible to outsiders even through the windows. The computers must be configured so that they do not remember passwords, both for logins and for access to secured websites (Mercuri, 2012). It is highly important that such rules be followed to ensure that the legal requirements of the Act are met.

Most hospitals use the fax system to communicate and exchange health information. In this regard, the security of the fax system has a direct bearing on successful compliance with the HIPAA regulations. The fact that faxing patient information does not require authorization from the patient makes the system one of the most vulnerable. Consequently, information shared through fax must only go to specialists who are known to be seeing the patient and should follow a referral from a doctor. In cases where doctors are not sure of the authenticity of a request, they should demand patient authorization. Another conduit for misuse of health information is its transfer to insurance companies, and this must be adequately secured. Thus, any request for health information by a health insurer must be accompanied by an authorization from the patient (Annas, 2010) and must be time-specific, indicating the starting and ending dates of the information sought.

In the process of documenting health information, users are bound to copy the information, thus exposing it to vulnerability. Different offices within hospitals require continuous copying of health information for purposes of filing and reporting. These channels may fall prey to illegal copying, exposing health information to unauthorized use both within and outside the health centers. The copying and duplication of information relating to patients, especially when it is specific information, must be accompanied by the requisite authorization. As such, the information should be kept private and the names of the affected individuals kept anonymous to avoid misuse of the information.

In terms of printers, their security is a concern for compliance with the HIPAA requirements. As is the case in most hospitals and health centers, the use of printers is widespread, with applications in different departments. The fact that these devices are often overlooked is a major source of concern for the enforcement of the regulations. In one well-known case, Affinity Health Plan failed to erase health information from the hard drives contained in leased printers before eventually returning the printers. The result was the exposure of more than 30,000 records, leading to losses of more than 1 million dollars in settlements (Kulynych & Korn, 2013). The company is not alone in such breaches, as a myriad of other companies have shown over time. To ensure the security of these devices, users must incorporate authentication and audit measures so that only authorized users can access the information. In addition, the data used should be encrypted, and the hard drives removed after these processes are terminated. Such measures, when successfully implemented, can reduce the chances of printer device misuse and enhance compliance with the stipulated regulations.

The use of texting by medical staff could put the security of a healthcare facility at risk and thus violate the HIPAA law. Indeed, SMS text messages have been banned under the HIPAA laws and are only allowed under specific conditions. The rationale is that text messages lack the requisite security measures and can expose health information to unauthorized access. One scenario in which texting violates the HIPAA law is where a doctor texts protected health information to the members of their care team (Mercuri, 2012). This is particularly illegal where the information shared contains the name and contact details of the patient. The second scenario in which texting is illegal under the HIPAA law involves a medical staff member receiving text messages from their answering service. While the staff member could argue that they only received the message and had no control over it, it is their responsibility to ensure that the messages do not violate the regulations. In these messages, the service included the names of the patients and the conditions they were suffering from. Medical staff should thus contact their answering service to insist on protection against HIPAA violations. Lastly, a doctor may text a patient from their phone in an unencrypted fashion, thus exposing protected health information to unauthorized access. The inclusion of more patient data in the message further complicates the matter, as that data forms part of the PHI.



Kulynych, J., & Korn, D. (2013). The New HIPAA (Health Insurance Portability and Accountability Act of 1996) Medical Privacy Rule: Help or Hindrance for Clinical Research? Circulation, 108(8), 912-914.

Wu, S. S., & American Bar Association. (2014). Guide to HIPAA security and the law. Chicago: ABA Section of Science & Technology Law.

Annas, G. J. (2010). HIPAA regulations: a new era of medical-record privacy? New England Journal of Medicine, 348(15), 1486-1490.

Mercuri, R. T. (2012). The HIPAA-potamus in health care data security. Communications of the ACM, 47(7), 25-28.
