Riding the HIPAA Wave

Posted on ACROSEAS.com by Dr.Charu A Chitalia

Every act or a statute conveys an objective to be achieved. The objective of HIPAA, which stands for Health Insurance Portability and Accountability Act, is to protect patient security and privacy. An act introduced by the U.S Congress in 1996, and augmented April of 2003, HIPAA was predominantly focused on easy portability of patient health information (PHI) for easy health insurance coverage in spite of shifting jobs and locations.

The concept of “portability” brings an increasing thrust on “accountability.” The portability of health information is beneficial to the patient, the physicians who record and refer back to the patient’s history and the insurance companies  which settle the medical claims of the patient. Because HIPAA is used as a resource by three different parties, the risk of information breach is very high. It is a practice-driven policy where extra care needs to be taken during the transfer and storage of information. It is to be noted that for any kind of transfer, the form of the record is vital. The implementation of HIPAA paved the way for electronic versions of the patient health records (PHRs), which required an urgent enforcement of technology based regulations.

Come 2009, the heat was felt and the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the America Recovery and Reinvestment Act (ARRA), was signed in the month of February by President Obama and was to come into affect by 2010. This emphasized the need and importance of going paperless when it came to PHRs. This brought in a practical way of implementation of HIPAA and gave it more importance to take affect.

All the three acts — HIPAA, HITECH and ARRA — collaboratively focus on tightening the healthcare screws when it comes to patient information, use of technology and its benefits, and the penalties in cases of non-compliance. It is to be noted that prior to the enactment of HITECH, HIPAA was looked at as a mere set of rules and regulations on paper. The proposed requirements under the HIPAA were so stringent that it wasn’t practical enough to implement. For example, HIPAA requires the exchange of information through a secured encrypted email carrier. However, in reality, the healthcare professionals typically preferred the convenience of the act, rather than the security it provided. The professionals were known to use cell phones and personal laptops, which would not only overlook a secured network, but also force other issues like loss of data, attacks and malicious activities by the hackers and other third-party intruders. Previously, saying that one’s record-keeping method was “HIPAA compliant” may not have been strictly true, even though it’s clear that being so is only good option.

As we are into another decade and the legions of law are looming over the healthcare industry, it is only advisable to stay put to non-fraudulent practices and monitor every move. Because the eyes of the healthcare police are on us and they wouldn’t blink in today’s age.