Introduction: Health Insurance Portability and Accountability Act (HIPAA) was created in the year 1996. This ACT was created to stop, fraud and illegal practices that disturb the health care industry and medical billing entities. This ACT promotes information saving and saves medical accounts. Mainly this ACT cover doctors, hospitals, and whoever is related to the health care industry, from disclosing personal information of patients to others who are not related to the patient. Patients are not covered in this ACT. They can disclose their medical information to whomever they want. There are some questions that we will discuss in this article like: why this Law is needed, what if this law breakdown, what are the penalties, and some more. Let’s have a look at this part.
WHY THIS LAW/ACT IS NEEDED:
Medical billing industry related to patients, Doctors/Hospital & Insurance. Where mainly all patient information rotates from one point to another. This information part includes patient address, phone number, work details, family details, health history (basically all diseases patients had or have at this time). Now no one wants to share their personal information with an unknown person especially about the diseases (Some diseases like HIV+, Cancer, etc). Just to prevent this information from disclosing without patient concern this ACT was created. About disclosing this was not done by purposely every time. Sometimes mistaken information is sent to other entities through email or courier or some other way. Just because of this mistakenly part this ACT has a different segment to penalize the accused person.
What if the information is disclosed:
As we discussed above no one wants to share their personal information with anyone, especially the diseased part but some time purposely or non-purposely this information could be disclosed? Here we look at these two points.
1. Purposely disclosing information: Every office or work culture has positive and negative entities who do unexpected work. Here we are talking about doctor offices or hospitals, or medical billing companies that have many employees working for them but sometimes these negative entities capture some personal information for their benefit and try to use that in different places without any concern from a patient. They can catch information from a computer, physical files, and note/store information on paper, pen drive, in mobile phone or any electronic gadget. Just to prevent this, there are several tips and tricks available. Mainly doctors, hospitals, and medical coding and billing companies use the ISMS system to save information. ISMS is an information security management system, this contains a certification that was done by an authorized partner, who checks the work area on the information security perimeter. In ISMS you got the instruction, how you find loop wholes about information breaching and what you can do to prevent them before any action happened. The person found out doing this kind of work will be penalized accordingly as per HIPAA. They must pay an amount and stay in prison as well.
2. Non-purposely disclosing information:
In this situation person mistakenly shares the information through EDI like email or fax or some other way. But in that case, that person must inform the HIPAA OFFICER about the breaching, so they can stop information from further distribution, and in this case, that person is not penalized as in a purposely done case. Again, here ISMS provides major knowledge about information breaching and how we prevent them.
