Posted: August 9th, 2022

HIPAA Compliance Analysis

HIPAA Compliance Analysis
Unwarranted exposure of private information remains one of the most alarming and most likely sources of conflict between a patient and their institution of care. Patient’s documents’ privacy remains to be as important as the care the hospital gives to the patients medically. Therefore, privacy violations continue to be as unprofessional as just any other aspect of irresponsible caregiving within the medical field. HIPAA is a law on privacy and security standards has several important requirements for reducing and addressing breaches. Community Dental case study outlines a variety of compliances in procedural interaction with the patient that are aimed to ensure HIPAA compliance.
Private Health Information (PHI) under the HIPAA Law is regarded as identifiable health patient information stored, maintained, and often to be used strictly under HIPAA guidelines. Some of the electronic and non-electronic information constitutes personal data, and if compromised, they might be used to harm the patient’s well financial and physical well being (Pozgar 2019). The Community Dental has been identified to have a variety of PHI to include X-Rays and third-party lab results in physical (non-electronic sources). Electronic sources that have been identified in the case study include the patient’s insurance details, patients records on their social security information, Dates of Birth, Health plan numbers, contact information, and their medical diagnosis codes, patient emails, and contacts most of which are accessed to either allow the patient to pay for services or be contacted by the Community Dental.
Pozgar (2019) the U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) work together to enforce HIPAA laws. Moran et al. (2004) identify that the OCR has the power to receive and investigate complaints against any covered entity on issues surrounding the privacy rule. Ziel (2004) identifies that HIPAA privacy regulation requires covered entities to implement administrative, technical, and physical safeguards necessary to protect patient information. These policies work to protect and control the access, removal, and storage of a patient’s PHI. They also dictate who, when, what, why, and how the data can be accessed. All processes involving the patient need to be communicated to them inform of writing unless there is express permission provided by the patient on their data. The Community Dental has some very foundational basis installed to ensure patient data is safe guarded most of which center on electronic storage of patient information and provision of back up to mitigate against loss.
Some of the safeguards that have been instituted by the hospital include partitioning of consultation rooms, for greater patient’s privacy, and excluded computer servers as well as their physical back ups, to ensure patient data is not lost. The case study outlines that a database server containing patient data is stored in an excluded closet. A small library tape library used for backing up the data is placed next to it to relay data from the front desk computer and printer. The back up server is in the dentist office, and it is only accessible to the two of them. The VPN server only accepts incoming connection from the dentist’s home computer, and has a bothway connection between the North and South Offices to provide patients access to their data.
The Community Dental can be deemed to be in direct compliance with the 2009 Stimulus Bill. This is regulation that places additional responsibilities on all parties with access to patient information for financial accountability to protect them. Community Dental is categorically compelled to allow the patient access and direct control to their medical record and uses a variety of safeguards such as the backup server, and physical copy storage to ensure their integrity. This allows them to ensure little risk if at all is subjected on patients data. Failing to protect their private healthcare information, will see the Community Dental be held liable before the law.
Further research identifies that the regulators at the office of civil rights can cite any healthcare regulator for the slow in response to notify the OCR of any data breach, compromise and denial of access to the patient (Hecker and Edwards, 2014). A high speed internet, firewall and VPN provides adequate security and as such positions the Community Dental in a position to report and provide direct line of communication in case of a data breach. Other safeguards that are necessary should be in regard to the training of employees. There should be no gaps in employee training with up-to-date HIPAA law guidelines on how to handles confidential documents, as this can render the Community Dental liable. While this is not communicated in the case study, there is a well defined procedure on who gets access to the data, as it is a small office practice.
The Health Insurance Portability and Accountability Act (HIPAA) is mostly associated with a patient’s privacy. The provision under the law is meant to maintain a patient’s data integrity and ensure that the patient’s data’s confidentiality is maintained to prevent any harm by access from a third party. Miller and Schlatter (2011) identify that under the law, the covered entity has the most power on how their information can be disclosed, most often requiring a written authorization. Covered entities can share their PHI in circumstances where they require treatment. The receiving entity is required to maintain and follow HIPAA regulations and standards in using the documents.
HIPAA security requirements, revolve around the training of employees to familiarize them with the updated guidelines and additional regular monitoring of the general systems to identify the problem. While the Community Dental appears to be a small practice, they nonetheless need to fulfill the requirements. The safeguards fall under three categories the administrative: to ensure training and regular assessment, technical which included encryption of the documents and physical surprise monitoring, and limited access to PHI relative to the amount of training offered to employees. They have achieved the technical part of the safeguarding requirements. HIPAA identified a need for the development and implementation of policies and procedures that incorporate risk assessment and a risk management plan (Moran et al., 2004). Community dental needs to provide an elaborate list that highlights access and control of the facilities where documents are stored and also incorporate physical safeguards that give additional oversight to software protocols governing the media files’ storage.
HIPAA laws provide privacy safeguards to patient information, often controlling how third party entities use patient data. They are created to ensure that the patient provides consent to the use of their data. Companies that require the patient’s data are required to fulfill certain preconditions and maintain certain safeguards to prevent the loss of access to patient information without the patient’s authorization. Failure to offer adequate protection may result in litigation against the company.

References
Hecker, L., & Edwards, A. (2014). The Impact of HIPAA and HITECH: New Standards for
Confidentiality, Security, and Documentation for Marriage and Family Therapists. American Journal of Family Therapy, 42(2), 95–113. https://doi-org.sbcc.idm.oclc.org/10.1080/01926187.2013.792711
Miller, R., & Schlatter, T. (2011). NAVIGATING HIPAA IN CLAIMS LITIGATION. GPSolo,
28(6), 26-27. Retrieved December 6, 2021, from http://www.jstor.org.idm.oclc.org/stable/23630426
Moran, M., Holloman, S., Kassler, W., & Dozier, B. (2004). Living With the HIPAA Privacy
Rule. Journal of Law, Medicine & Ethics, 32(4), 73–76. https://doi-org.sbcc.idm.oclc.org/10.1111/j.1748-720X.2004.tb00193.x
Pozgar. G. (2019). Legal Aspects of Health Care Administration. Burlington, MA. Jones &
Bartlett Learning
Ziel, S. E. (2004). Guard against HIPAA violations. Nursing Management, 35(4), 26–27.
https://doi-org.sbcc.idm.oclc.org/10.1097/00006247-200404000-00009

Check Price Discount

Study Notes, Research Topics & Assignment Examples: Assisted Suicide »Ethics of Sentencing