Patient Confidentiality and HIPAA
Heather Lyday
HCIS/245
November 8, 2015
Kathleen Healy-Collier
The Health Insurance Portability and Accountability Act, or HIPAA, is a law that is meant to improve portability and continuity of health insurance coverage; combat waste, fraud, and abuse in health insurance and healthcare delivery; promote use of medical savings accounts; improve access to long-term care; and simplify administration of health insurance. The HIPAA privacy standards are designed to protect a patient’s identifiable health information from unauthorized disclosure or use in any form, while permitting the practice to deliver the best healthcare possible.

To comply with the law, privacy activities in the average medical office can include: providing a copy of the office privacy policy informing patients about their privacy rights and how their information can be used; asking the patient to acknowledge receiving a copy of the policy and/or signing a consent form; obtaining signed authorization forms; adopting clear privacy procedures; training employees so that they understand the privacy procedures; designating someone to be responsible for seeing that the privacy procedures are adopted and followed; and securing patient records containing individually identifiable health information so that they are not easily made available to those who do not need them.

Failure to comply with HIPAA can result in civil and criminal penalties. The American Recovery and Reinvestment Act of 2009 (ARRA) established a tiered civil penalty structure for HIPAA violations. The Secretary of the Department of Health and Human Services (HHS) still has the right to determine the amount of the penalty based on the nature and extent of the violation and the extent of the harm resulting from the violation. For example, if there was a HIPAA