HIPAA Research


The Health Insurance Portability and Accountability Act (HIPAA)

As an act, the HIPAA was approved by President Bill Clinton on August 1, 1996. Originating from the Congress, the bill aimed at increasing the number of Americans with health insurance and improving the health standards in the country. The act was divided into three provisions: portability, tax, and administrative simplification. The portability provisions sought to protect the rights of insured Americans as they changed jobs. The administrative simplification provision made clear guidelines for the transmission of patient information using electronic means in the wake of computerized communication. This essay analyzes the impact of HIPAA on the American health sector since its inception.

According to HIPAA, protected health information (PHI) pertains to several pieces of information regarding the patient that should not be shared with unauthorized persons. For the information to be classified as PHI, it must be identifiable to the patient. This information includes the patient's past, present, and future mental health condition, the kind of healthcare provided to the patient, and the payments made by the patient towards healthcare (hhs.gov, 2016). Other demographic information that identifies the individuality of the patient includes name, address, birth date, and social security number. The Act therefore prohibits the inappropriate dissemination of such information through paper, electronic means, or by word of mouth.

Privacy and security of PHI are different concepts that go hand-in-hand. The privacy rule focuses on the right of the individual to control the use of his personal information. Any person that the individual would not like to have access to PHI should not be allowed access by the organization either. The security rules are directed to the administration with regard to safeguarding PHI. Any person in charge of patients' PHI should ensure that it does not reach unauthorized persons, whether in storage or while still in transit. The security laws are especially directed towards ePHI that is stored in computer hard drives, memory cards, memory sticks, and in transmission networks such as email and intranet.

HITECH seeks to accelerate the adoption of electronic health records among all healthcare providers. The Act, which was passed in 2009, seeks to improve the handling of information while in electronic form. To some extent, the Act is an extension of HIPAA because it also addresses the issue of privacy and security of electronic information. HITECH creates a legal liability for healthcare providers who contravene the privacy and security provisions of HIPAA. Since the whole country intends to go electronic, it is only logical that there are laws that enforce the security and privacy of ePHI. HITECH came into place to enforce the security and privacy provisions of HIPAA.

The violation of HIPAA could attract civil and criminal charges. If an individual violates HIPAA unknowingly, he is liable to a fine of $100 per violation (American Medical Association, 2016). Violation of HIPAA due to negligence will attract a penalty of $1,000 per violation. A violation of HIPAA due to willful neglect will cost the violator a penalty of $10,000. Willful neglect in this context refers to a person who knows what constitutes neglect but goes ahead to do it anyway. Finally, any willful violation of HIPAA will attract a fine of $50,000. Willful violation could be a result of bribery in order to leak the ePHI of a prominent person in the society.


American Medical Association. (2016). HIPAA Violations and Enforcement. Retrieved from <http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?>, accessed August 17, 2016.

Hhs.gov. (2016). Health Information Privacy. Retrieved from <http://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/>, accessed August 17, 2016.
