Healthcare information privacy

Page 1

Healthcare Information Privacy July 2013

Overview Medical records (or healthcare information) are created while patients receive treatment from health service providers such as a physician, nurse, dentist, chiropractor, psychiatrist or hospitals. These medical records may include a person’s medical history, details about his/her lifestyle (such as smoking or involvement in high-risk sports) and family medical history. Additionally, the records contain laboratory test results, medications prescribed and reports indicating results of operations and other medical procedures. Results of genetic testing used to predict a person’s future health and information about one’s participation in research projects can also be included in the medical records. Information provided by someone on applications for disability, life or accidental insurance with private insurers or government programs can also become part of the person’s medical file. Apart from these, healthcare information also contains healthcare financial information of the patient (such as insurance details). Healthcare information of patients is required by insurers in the event of change of health plan and by physicians during emergency-room treatment, in addition to such information requirement to other stakeholders such as hospitals, government agencies, employers, etc.

Importance of healthcare information privacy Healthcare industry in the US is adopting electronic health records (EHRs), which will create multiple and more expansive databases in numerous locations. There will be an increase in the number of people with access to healthcare information, thereby increasing chances of this information to be accidentally or intentionally disclosed, lost or stolen. Hence, this new technological capability of electronically storing medical records calls for greater measures to be adopted to safeguard healthcare information. Patients may avoid treatment if they are not confident that information about them will remain private as many illnesses and treatments, if divulged, may lead to social "A thief downloading and stealing stigma and discrimination. Patients may also be at risk of losing data can get $50 on the street for a personal and financial information (like social security numbers, medical identification number insurance and other financial information), leading to compared to just $1 for a Social application for fraudulent loans, take-over bank accounts, or Security number. For those receiving charge purchases to credit cards. On the other hand, personal the medical ID number and using it healthcare information may also be used by criminals to to defraud a health care commit traditional medical fraud, which typically involves organization, the average payout is billing payers (e.g., Medicaid/Medicare or private healthcare more than $20,000” insurance) for the treatment never provided. However, the - Pam Dixon, Executive Director, potential damage from a healthcare information breach to the World Privacy Forum patient and the payer is unlimited.

Regulations in the US to safeguard healthcare information privacy The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to Healthcare Information Privacy

Page 2

health plans, healthcare clearing houses, and those healthcare providers that conduct certain healthcare transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. It also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, will promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Healthcare information privacy – a major factor for choosing a hospital Hospitals are a major source of healthcare information. The examples below show how patient healthcare information has been leaked from hospitals:

The above-mentioned healthcare information leaks from hospitals clearly indicate the apprehension of patients before choosing a hospital to get treated and share their healthcare information.

Healthcare Information Privacy

Page 3

In January 2013, the US Department of Health and Human Services (HHS) made changes to the law to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The changes in the final rulemaking provide the public with increased protection and control of personal health information. Hospitals can use one or more of the following steps to enhance healthcare information privacy: Strong authentication and data encryption are methods to enhance healthcare information protection. Patient authentication can be one of the simplest yet most effective methods in preventing medical identity theft Technology solutions such as biometrics, smart cards or electronic patient records may be able to assist providers in verifying patients’ identities based on past histories, demographics or facial photographs Other strategies might include dividing information up so that no one person has all the information that might be used for fraud. For instance, an organization could make Social Security numbers inaccessible to workers in the billing department Information systems can be configured to enforce role-based access to data and boost HIPAA compliance – An ER admissions worker should not have access to patient treatment information Monitor employee computer activity on a regular basis, especially to detect unusual or inappropriate access, transmission or printing of patient information

The benefit that an electronic health record provides far outweighs the challenge it poses in the form of fraud and theft of patient information. Greater degree of security measures and supporting regulations for healthcare information privacy may help reduce anxiety of the patients.

Healthcare Information Privacy

Page 4

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.