Implications of HIPAA and Subsequent Regulations on Information Technology

Payod Soni (University at Buffalo, USA)
DOI: 10.4018/978-1-5225-2604-9.ch004


The abysmal state of the policies governing health plan providers led to widespread public discontent with health plans, as well as with the privacy and security of medical records. Anyone with access to a patient's medical records could potentially share them with parties such as health plan providers or employers. To address the privacy and security of patients' medical records, Congress enacted HIPAA in 1996. The chapter starts by discussing the need for HIPAA. Subsequently, we discuss HIPAA at considerable depth. Significant additions and changes were made in subsequent acts and amendments due to pressing policy needs and to address various loopholes. The chapter provides a chronological recount of HIPAA since its introduction. Once the reader develops a complete understanding of the HIPAA regulation, we shift our focus to compliance with HIPAA. We delve deeper into the implications of HIPAA for healthcare organizations and the information technology world.
Chapter Preview

State of the Federal Healthcare in the US Before HIPAA

The idea of HIPAA originated in the early 90s. Before HIPAA, there was an underlying discontent among Americans about their health coverage. Under ERISA, the states were prohibited from regulating the health insurance of about 60% of the employees who chose the route of self-insurance. There was a growing feeling of anguish among the people who suffered under the system, even after 47 states had rules to regulate insurance. A few cases surfaced in which employees working in self-insured companies lost their coverage due to terminal illness within their families. People feared changing jobs because they would not be able to continue their own or their family's insurance coverage. Many self-employed people could not afford insurance premiums without the tax benefit that others got through their employers. There was considerable inconsistency regarding which health insurance could earn people a tax exemption.

People were also increasingly afraid to seek medical care because no laws prevented medical records from being disclosed. No specific laws addressed the privacy and security of medical records, as all the focus was on the financial sector. Although each state did have laws covering the privacy of healthcare information, there was a dire need for consensus among the various laws and states to arrive at one common set of standards. This need arose from the increased use of computers and technology in the medical landscape. There were also many more players in the healthcare industry than when paper-based records were in use. Information had to pass through many more hands than before, which left patients' data much more vulnerable, and there was a clear need for one set of standards and laws concerning the privacy and security of patients' medical records.

Meanwhile, many cases came to light that exposed how the privacy and security of patients' medical records were being ignored. A few such cases from before the introduction of HIPAA are cited below:

  1. An employee of the healthcare department in Tampa, Florida sneaked out a disk containing the information of about 4000 patients who had tested positive for HIV (as reported by USA Today, October 10, 1996).

  2. A woman from Nevada, after purchasing a used computer, discovered that the system still held the prescriptions of the customers of the pharmacy that previously owned it. The data still on the system included names, addresses, social security numbers and a list of the medicines that each patient had purchased (as reported by The New York Times, April 4, 1997, and April 12, 1997).

  3. A speculator bid $4000 for the patient records of a family practice in South Carolina. Among the businessman's uses of the purchased records was selling them back to the former patients (as reported by The New York Times, August 14, 1991).

  4. A few weeks after an Orlando woman had her doctor perform some routine tests, she received a letter from a drug company promoting a treatment for her high cholesterol (as reported by Orlando Sentinel, November 30, 1997).

  5. A banker who also sat on a county health board gained access to patients' records, identified several people with cancer, and called in their mortgages (see the National Law Journal, May 30, 1994).

  6. A physician was diagnosed with AIDS at the hospital in which he practiced medicine. His surgical privileges were suspended (see Estate of Behringer v. Medical Center at Princeton, 249 N.J. Super. 597).

  7. A candidate for Congress nearly saw her campaign derailed when newspapers published the fact that she had sought psychiatric treatment after a suicide attempt (as reported by The New York Times, October 10, 1992, Section 1, page 25).

  8. Consumer Reports found that 40 percent of insurers disclose personal health information to lenders, employers, or marketers without customer permission ("Who's reading your Medical Records," Consumer Reports, October 1994, at 628, paraphrasing Sweeney, Latanya, "Weaving Technology and Policy Together to Maintain Confidentiality," The Journal of Law Medicine and Ethics (Summer & Fall 1997) Vol. 25, Numbers 2, 3).
