3. HIPAA
*Privacy and Security Rules
*Health Information Technology for Economic and Clinical Health (HITECH) Act
*Big Data Era
*Limited Reach
[Figure 1: HIPAA acronym defined]
6. REFERENCES
• Cohen, G., Mello, M. (2018). HIPAA and Protecting Health Information in the 21st Century. JAMA, 320(3), 231–232. doi:10.1001/jama.2018.5630
• Figure 1: HIPAA acronym defined. Reprinted from Healthcare Law News. (2015). HIPAA Security Breaches Raise Bar for HIPAA compliance. Retrieved from https://www.nelsonhardiman.com/hc-law-news/hipaa-security-breaches-raise-bar-for-hipaa-compliance/
• Figure 2: Training, skill, develop sign. Reprinted from Provider Trust. (2016). Compliance Training: Look at the Outcomes! Retrieved from https://www.providertrust.com/blog/compliance-training-look-at-the-outcomes/
• Fox News. (2008). Report Over 120 UCLA hospital staff saw celebrity health records. Retrieved from https://www.foxnews.com/story/report-over-120-ucla-hospital-staff-saw-celebrity-health-records
• Wolper, L. F. (2011). Health care administration: Managing organized delivery systems. Sudbury, MA: Jones and Bartlett Publishers.
Editor's Notes
In the following presentation, we will discuss what HIPAA is, the HITECH Act, the big data era, and HIPAA’s limited reach. Then we will go over training that would be given to employees and patients that could help avoid breaches of confidentiality and personal health information. Finally, we will discuss the effect that the training will have on personnel, including getting involved, sense of ownership, loyalty, and knowledge. As the world continues to grow and advance, managers have to grow alongside it in order to maintain the trust and good reputation of their organization.
The Health Insurance Portability and Accountability Act (HIPAA) is a law that was created to protect the personal health information of patients. The Health Information Technology for Economic and Clinical Health (HITECH) Act is an amendment to HIPAA that addresses the challenges that come from electronic health records (Cohen & Mello, 2018). The big data era has brought about even more challenges when it comes to electronic health information. There is only so much reach and coverage that HIPAA can handle. HIPAA does not cover health care data that is generated by a noncovered entity or social media accounts that are patient-generated (Cohen & Mello, 2018). HIPAA needs to expand the scope of what it covers, so that protected health information stays protected as technology advances. Security systems have to get stronger in order to protect against the continuous threats to health care information.
Security issues are one of several areas that managers need to make a priority when dealing with health care information technology (Wolper, 2011). In the Fox News article, it was the employees that breached the security of celebrity patients (Fox News, 2008). Many of the security breaches that happen can be prevented and are due to lack of knowledge or accidents. Security awareness and confidentiality training needs to happen on a regular basis for employees and patients. Initial training for employees would be at hire and then bi-annually online, and annually in-house. Training in-house will be led by the Chief Information Officer of the organization. Online training will be through HIPAA and HITECH recommendations. All training will contain the most up-to-date data and information in order to protect the organization, employees, and patients.
Patients need to understand their rights and responsibilities when it comes to their personal information. They also need to understand the importance of the safeguards that are in place and how to help the organization keep their information protected. Feedback from patients will give the organization ideas on how to better inform patients in the future and what areas they feel are the most vulnerable.
Effective training can give employees and patients a sense of ownership by involving them in the process. Safeguards, passwords, encryption, and all the other techniques set in place to protect against hackers are not 100% effective. The training given will make people more aware of the seriousness of protecting the information and more vigilant about the information that they are protecting. In the article, the employees were disloyal to the organization and the patients. Employees who are loyal to the organization will help keep the organization safe by not only following the training, but also looking for signs of disloyal employees. Knowledge of HIPAA, HITECH, safeguards, and how to stay protected is the first step in having a strong team with the same goals. Managers must understand the importance of the training and maintain the continuity and growth of the program.