Privacy is an issue of serious concern. The need for privacy is what makes us keep personal information to ourselves and be very selective about those that we share it with. Privacy is also the reason we are careful with those who share personal information about us and especially without our consent. For those involved in the health care profession, there are certain regulations that are put in place for purposes of ensuring the smooth running of the organizations and the avoidance of conflict between health care professionals and the patients. In most instances, the regulations which are enacted at various government levels affect the health care organization. For instance, the procedures to be followed in the sharing of patient information. The paper seeks to address patient confidentiality especially as it is enacted and as it affects organizations that deal with alcohol and drug (substance) abuse.
Health care regulation.
According to Cole and Oxtoby, confidentiality is the right of an individual to have not only personal but also identifiable medical information kept private. Confidentiality is the right accorded to a patient by a medical organization to keep his/her personal medical information including records from access by others especially those who are not part of the medical personnel in the organization (2002).
In the US, patient confidentiality was protected by the federal statute in 2003. The Health Insurance Portability and Accountability act of 1996, (HIPAA) is one critical health care regulation. According to the Act, all professionals and organizations, either in health or other sectors, are required by law to guard their customers or patients’ privacy (Carter, 2002). Accordingly, individuals are expected to give their consent in writing for any and all releases of medical or health related information (Landrum, 2003). Employees working at all levels in the different organizations are also expected to maintain confidentiality (Rosenbaum, 2003). In the Act it is also expected that in the event that any information about a patient is to be released to a third party, the type of information that can be released should first be identified. Also, the people granted access to the information should also be identified in addition to stipulating the length of time for which the release is valid (Carter, 2002).
While the HIPAA regulated was enacted in 1996, it was however, only fully implemented in 2003. The Act is implemented by the United States Department of Health and Human Services (O’Neill, 2002). Consequently, it is not a new regulation rather one already in place. the HIPAA provides guidelines that seek to ensure patient confidentiality. HIPAA is a federal regulation that is not affected by state regulations (Encyclopedia of Surgery, 2007).
The issue and /or problem that the regulation is addressing.
With the growth of information and communication technology, the sharing and access of information has become much easier. Moreover, the world has been transformed into a global village. According to the journal, issues in science and technology, the Health Insurance Portability and Accountability Act of 1996, was prompted by concerns from different quarters that the increased use of information in record keeping and the increased need of insurance and health care professionals to share data amongst themselves, was resulting in the misuse of confidential patient medical information (1999).
The government saw the need to put in place the HIPAA because the dominance of third party payers and health care organizations had eroded patient confidentiality. The aim of confidentiality is to maintain a good relation ship between a patient and the physician. In the event that private information is shared with all without any form of discrimination, patients lose faith not only in the health care professional but also the organizations themselves. More over, it exposes the health care professionals and the organizations to law suits. It is not unheard of for patients to sue their health care professionals who may have released any information pertaining to their health. Consequently, large amounts of money that can be put to better use is spent as part of the legal costs (Encyclopedia of Surgery, 2007).
Drug related activity and substance abuse treatment could form the basis for prosecution in criminal cases at the federal level. However, it was noted that patients may opt not to seek treatment out of the fear that they might be rutted out by the health care professionals. Consequently, the HIPAA was enacted for purposes of providing confidentiality and limiting information disclosure that could lead to the identification of the identities of patients. It can then be argued that it was a policy decision. Drug abuse is an issue of serious concern requiring the formulation of workable policies in order to effectively deal with it (Encyclopedia of Surgery, 2007).
What level of government issued and which agency within government developed the regulation.
While different states have enacted laws that seek to protect the confidentiality of health care information, the Health Insurance Portability and Accountability Act is a federal government regulation (O’Neill, 2002). It was introduced to Congress by the Senate (Issues in Science and Technology, 1999)
Health care agency impacted by the regulation.
According to Love, different health care agencies have taken it upon themselves to identify the kind of entities they are under the HIPAA. Consequently, there are non covered entities, the covered and the hybrid entities. A hybrid entity may then be described as an entity using or divulging what is referred to as protected health information or PHI for only a fraction of its business process (2003). An example of a hybrid entity is a corporation not directly involved in the health care industry but operate for instance on site health clinics conducting the HIPAA standards via internet. Insurance companies are also classified as hybrid entities for the simple fact that their business also includes health insurance which also requires the collection of patient information. (Hybrid entity, 2005) On the other hand, a covered entity is an organization that regularly handles what is considered to be protected health information (Hybrid entity, 2005).
Strengths and weaknesses of this regulation and how the regulation will impact the agency or the patients served by the hybrid agency.
According to Love (2003), the implementation of the HIPAA was a step in the right direction. For one it provided the much needed frame work for the protection of patient’s identifiable health information. It is imperative that physicians stick to the guidelines before they share out patient information. this helps to maintain trust between patients and their physicians. It would be correct to conclude that substance abusers may decline to seek treatment for their conditions if they as much suspect there is a possibility that their close friends and relatives may access that information. In most instances, patients with substance abuse problems prefer to keep it under wraps as much as possible. Another strength of the regulation is the fact that they have helped to strengthen More over, the regulations have helped to establish boundaries governing information use and disclosure. this has helped to build trust between patients, health care professionals and the organizations. the ability of patients to understand and ultimately control what happens to their health information. Nonetheless, the HIPAA regulations may not be considered to be perfect and a lot of time is necessary for all the issues to be effectively sorted out. Still, the regulations need some refining (Love, 2003).
According to Love, the most significant impact the HIPAA regulation has had on public health has been affecting their ability to collect information from covered entities. The regulation makes it hard for the hybrid entities to distinguish the sources of request for personal health information from the covered entities. It becomes considerably hard to tell whether the request may be coming from the non covered entity within the hybrid agency for public health purposes or from the covered entity within the hybrid agency (2003).
Response to the regulation.
The HIPAA regulation is to be supported for the simple fact that it has provided the necessary frame work for the protection of private health information. If it were not for the regulation third party payers and health care professionals and organizations would long have eroded patient confident by availing information by quarter. It has prevented lawsuits and made the control of substance use that much easier. Substance abusers are able to seek help because they are guaranteed of privacy. Because of the regulations, faith has been restored in health care professionals, thus patients are able to seek their help and lawsuits are avoided.
Steps to implement the regulation
According to Love, the best way that the regulations may be implemented is through education. The education should be targeted at the health plans such as HMO’s. While the regulation framework is in place the next thing to do would be the coordination. Technical assistance and guidance should be offered to the hybrid entities by professional for effective and efficient implementation (2003).
Patient confidentiality is crucial in health care. It is for this reason that such regulations such as the HIPAA, the Health Portability and Accountability Act, was developed by the Senate and enacted by the American Congress. The Act was put in place to protect patient’s personal influence from access just by anyone. The regulation has impacted such health care agencies as covered entities the like son HMO’s and insurance agencies which are hybrid agencies. The regulation has been a step in the right direction as it has helped to ensure patient confidentiality, avoid law suits and instill faith in health care organizations and professionals. Nonetheless, more education is required as most organizations and even professional may not be well informed on the need for the regulation.
Bill to protect confidentiality of medical data introduced. (1999). Issues in Science and Technology. 15.
Cole A. and Oxtoby, K. (2002). Patient power. Nursing Times. 98.
Carter, P. (2002). HIPAA Compliance Handbook 2003. Gaithersburg, Maryland: Aspen.
Encyclopedia of Surgery. (2007). Patient confidentiality. Retrieved Feb. 16, 2009 from http://www.surgeryencyclopedia.com/Pa-St/Patient-Confidentiality.html.
Hybrid entity (HIPAA). (2005). Privacy and data protection project. Retrieved Feb 16, 2009 from http://privacy.med.miami.edu/glossary/xd_hybrids.htm.
Landrum, S. (2003), Patients’ rights and responsibilities. Journal of the Arkansas Medical Society. 99: 222–223.
Love, D. (2003). The impact of HIPAA privacy regulations on public health data functions. Retrieved Feb. 16 2009 from http://www.ncvhs.hhs.gov/031119p3.htm.
O’Neill, M. (2002). Ohio’s patient-physician privilege: Whether planned parenthood is a protected party. Journal of Law and Health. 17.2.
Rosenbaum, S. (2003). Managed care and patients’ rights. Journal of the American Medical