MMHA 6600 Walden University Patient Data Access and Handling Policy Manual Paper

GE N E R ATIONS – Journal of the American Society on Aging By Linda Koontz Health Information Privacy in a Changing Landscape Healthcare providers need to be part of the solution to consumers’ privacy worries, by building trust through education. A t a time when health information is increasingly available online, and clinicians are transitioning from paper to electronic medical records, consumers remain concerned about protecting this highly sensitive personal information. They fear an unauthorized person might see their health information; they might be denied insurance, credit, or employment opportunities; and they’re worried about identity theft, fraud, discrimination, and embarrassment (Dimitropoulos et al., 2011b). The technology for securely storing and sharing health information continues to evolve to allow increased data sharing and aggregation within the healthcare system. While these changes could provide many benefits by reducing costs and improving quality of care, they also present new privacy challenges. gested practices for healthcare professionals to be able to enhance privacy and build trust with their patients. Health Information Privacy Basics The Health Insurance Portability and Accountability Act of 1996 (HIPAA) instituted a national legal foundation for health information privacy. The law established broad principles and called for the Department of Health and Human Services (HHS) to issue detailed privacy and security standards if Congress did not do so within a specified time frame. HHS subsequently issued implementing regulations known as the Privacy Rule and the Security Rule. HIPAA and the Privacy Rule do not apply to every entity that maintains health information but to covered entities—health plans that provide health insurance HIPAA and the Privacy Rule do not apply benefits; healthcare providers such as to every entity that maintains health doctors, other healthcare professionals, and, hospitals that conduct elecinformation, but to covered entities. tronic transactions; and, healthcare This article provides an overview of the clearinghouses that format health data. current framework for protecting the privacy The Privacy Rule permits the sharing of of health information; explores technology health information without patient authorization trends that affect health information privacy; (consent) for treatment, payment, and healthcare discusses the current state of privacy protection operations, and for other specified purposes. All in the healthcare sector; and, describes sugother sharing requires written authorization from Copyright © 2015 American Society on Aging; all rights reserved. This article may not be duplicated, reprinted or distributed in any form without written permission from the publisher: American Society on Aging, 575 Market St., Suite 2100, San Francisco, CA 94105-2869; e-mail: [email protected] For information about ASA’s publications visit www.asaging.org/publications. For information about ASA membership visit www.asaging.org/join. Spring 2015 • Vol. 39 . No. 1 | 97 GE NER ATIO NS – Journal of the American Society on Aging the individual. Most disclosures are not mandatory, giving providers broad discretion in whether or not to share health information with other entities (U.S. Congress, 1996; The HIPAA Privacy Rule, 2013; Koontz, 2013). The HIPAA Security Rule is designed to ensure that health information is protected from unauthorized access and disclosure, and designates the administrative, technical, and physical controls that covered entities must put in place (U.S. Congress, 1996; The HIPAA Security Rule, 2013). Trends in Technology One of the most important technological trends in healthcare is the movement toward electronic health records (EHR) and health information exchange. Largely fueled by government incentive programs, healthcare providers— including physicians, other healthcare professionals, and hospitals—increasingly are storing patient records electronically. The creation of these digitized records will, in turn, enable Pages 97–104 electronic sharing among providers to show a more complete picture of an individual’s health. This will be of particular benefit to older Americans, who are more likely to see a larger number of providers, and to their caregivers, care team, and family (Dimitropoulos et al., 2011a). The goal is that this information will be shared with researchers more quickly and aggregated, analyzed, and turned into actionable knowledge to improve the overall quality of healthcare in this country. Another benefit of EHR adoption is the ability to empower individuals by using technology to make their health information more accessible to them. Providers increasingly are establishing portals or other means to enable patients to view their health information online, download the information, and transmit it to a third party—a provider, relative, caregiver, or anyone else the patient designates. Having electronic access to this information enhances transparency and allows the individual to review its accuracy Privacy Rights The HIPAA Privacy Rule prescribes privacy rights for individuals, which include the ability to: • Receive a notice describing how the individual’s health information is used and shared by their doctor or their health insurer; • Access or obtain a copy of their medical records; • Request correction of information in their medical record or to add information if something is missing; if the provider believes the contested information is correct, individuals have the right to have their disagreement noted in their file; • Find out the external entities with whom the provider has shared their information, referred to in regulations as an “accounting of disclosures”; • Request that a provider not share information in the medical record with certain people, groups, or companies, although providers do not have to agree to restrict the record, particularly if it affects an individual’s care; and, • Request that their healthcare provider or pharmacy not tell their health insurance company about care received or drugs prescribed if the individual pays for the care or drugs in full; in this case, the provider or pharmacy is required to comply with the individual’s request (The HIPAA Privacy Rule, 2013; Office for Civil Rights [OCR], n.d.[a]). 98 | Spring 2015 • Vol. 39 . No. 1 Copyright © 2015 American Society on Aging; all rights reserved. This article may not be duplicated, reprinted or distributed in any form without written permission from the publisher: American Society on Aging, 575 Market St., Suite 2100, San Francisco, CA 94105-2869; e-mail: [email protected] For information about ASA’s publications visit www.asaging.org/publications. For information about ASA membership visit www.asaging.org/join. Self-Empowered Aging Pages 97–104 (Office of the National Coordinator for Health Information Technology [ONC], 2014b). Other trends may benefit older adults in particular, such as remote communications and monitoring systems that can help individuals maintain their independence at home by monitoring vital signs like blood pressure and glucose levels and transmitting data to a physician’s EHR system. Advanced patient monitoring also may that consumers are using to manage health and wellness (ONC, 2014a). The State of Privacy Protection The increasing amount of health information generated that is shared with a host of entities and aggregated also raises concerns about maintaining the privacy of this highly sensitive data. Increased aggregation increases the risk of exposing huge amounts of sensitive information if a breach occurs. Health Increased aggregation increases the risk information may be held by and shared of exposing huge amounts of sensitive with many entities not traditionally thought of as part of the healthcare information if a breach occurs. system and whose actions are not include new devices providing real-time audio currently governed by HIPAA or its regulations. and video to foster communication between Individuals may wonder: What information clinicians and patients (Lewis, 2012). There about me is being collected and maintained? also has been an explosion in the growth of con- With whom is it shared? How is it being used? sumer-oriented health and fitness apps and Is it adequately protected? wearable devices, which collect information for There is some reason for concern. In 2011– use by the individual, their families, and the care 2012, the HHS Office for Civil Rights, which is team (Agency for Healthcare Research and responsible for enforcing HIPAA and its impleQuality [AHRQ], 2014). menting regulations, reported 710 significant The ONC, an office within HHS, recently breaches of health information affecting approxpublished A 10-Year Vision to Achieve an Interop- imately 22.5 million individuals (OCR, n.d.[b]). erable Health IT Infrastructure (ONC, 2014a), From 2003 to 2012, the OCR also reported which foresees the need for even further change. more than 18,000 HIPAA violations, which were This report recognizes the dramatic advanceresolved by requiring the covered entity to take ments that have occurred over the past decade corrective action and by providing technical in digitizing the care delivery system, but also assistance (OCR, n.d.[c]). In a May 2014 “snappoints out that patients’ electronic health inshot” study, the Federal Trade Commission formation often is not shared across organiza(FTC) found that twelve health and fitness apps tional, vendor, and geographic boundaries. were sharing information with seventy-six third The report (http://goo.gl/x1aD4b) envisions a parties. Among the information being shared more connected healthcare system and active were device and consumer-specific identifiers individual health management by 2024. To and information about consumers’ exercise and accomplish this, a significant goal is to improve eating habits. The FTC concluded that there information-sharing at all levels of public health were significant privacy implications where and thus enable research to better generate eviinformation might be aggregated using these dence that could be delivered to the point of identifiers (FTC, 2014). care. Information from the health delivery sysAlthough trends in health information– tem is to be easily accessible to individuals so sharing pose new risks, privacy clearly is on the that it can be integrated with that information radar for policy makers. Under legislation passed stored in technology, such as smart phone apps in 2009, the ONC is required to have a Chief PriCopyright © 2015 American Society on Aging; all rights reserved. This article may not be duplicated, reprinted or distributed in any form without written permission from the publisher: American Society on Aging, 575 Market St., Suite 2100, San Francisco, CA 94105-2869; e-mail: [email protected] For information about ASA’s publications visit www.asaging.org/publications. For information about ASA membership visit www.asaging.org/join. Spring 2015 • Vol. 39 . No. 1 | 99 GE NER ATIO NS – Journal of the American Society on Aging vacy Officer to ensure that privacy and security is included in every phase of health IT development and implementation (U.S. House Committee on Ways and Means, 2009). Two federal advisory groups composed of a wide range of healthcare experts from the private sector, including a working group focused on privacy and security policy, also advise the ONC. Privacy is among the guiding principles in the ONC’s Ten-Year Vision report, which emphasizes the importance of public trust, strong safeguards, and transparency regarding the business practices of entities that use patient data, particularly those not covered by HIPAA regulations (ONC, 2014a). The FTC has emphasized over the past year that health information still is highly sensitive and the Commission is concerned about how consumer-generated health data will be protected. FTC Chairwoman Edith Ramirez recently noted the proliferation of connected products, services, and technologies, including those in the health sector. While recognizing the tremendous potential of these developments, she also warned of the dangers associated with ubiquitous data collection; the potential for unexpected uses of Pages 97–104 consumer data that could have adverse consequences; and, heightened security risks. She suggested that industry adopt “security by design” to build protections into these products and services; engage in data minimization (i.e., collecting and using only that personal information necessary for the purpose); and, increase transparency and provide consumers with notice of privacy practices and choice for unexpected data uses (FTC, 2015). There is some indication the industry is responding. It was recently reported that Apple changed its licensing agreement with developers to prohibit the sharing of information gathered through its health and fitness app (Farr and Bartz, 2014; Pai, 2014). Research shows that individuals support the use of technology to improve the healthcare system but despite government focus on protections, remain concerned about the privacy and security of their health information (Patel, 2014). According to a 2012 nationwide survey, about three-quarters of individuals support EHRs and health information exchange among providers who are treating them. However, consumer support for EHRs and health information exchange is strongest when people believe that Figure 1. Privacy Protection Strategies for Healthcare Professionals 100 | Spring 2015 • Vol. 39 . No. 1 Copyright © 2015 American Society on Aging; all rights reserved. This article may not be duplicated, reprinted or distributed in any form without written permission from the publisher: American Society on Aging, 575 Market St., Suite 2100, San Francisco, CA 94105-2869; e-mail: [email protected] For information about ASA’s publications visit www.asaging.org/publications. For information about ASA membership visit www.asaging.org/join. Self-Empowered Aging Pages 97–104 their providers have put reasonable privacy and security protections in place. Support for EHRs drops from 87 percent among those who strongly agree that providers have established reasonable protections to 17 percent among those who strongly disagree (Hughes, Patel, and Pritts, 2014). Further, a survey conducted in 2010 indicated that consumers between ages 40 and 64 were most concerned about privacy and security—suggesting that the emerging cohort of older adults, many of whom are technologysavvy, may have stronger convictions about these issues than the current older population (Dimitropoulos et al., 2011b). Suggested Practices for Healthcare Professionals Healthcare professionals, particularly those treating older people, have a critical role in ensuring patient trust. Figure 1 (see page 100) provides a high-level picture of suggested privacy practices for healthcare professionals, culled from government guidance and the author’s knowledge. First, healthcare professionals need to be knowledgeable about privacy and how their organizations protect personal health information. This includes being familiar with their organization’s required written policies and procedures related to protecting patient information. They should also know their organization’s breach-notification procedures and who to contact if they discover a suspected breach. Annual training is required under The HIPAA Privacy Rule. It is also important to refresh this knowledge base by continuing to learn about HIPAA, state laws, and other privacy and security requirements, while realizing that requirements may change over time. (See sidebar on this page for useful privacy resources.) Professionals should review their organization’s Notice of Privacy Practices, which HIPAA requires, and ask questions to clarify organizational practices. What information is being collected? With whom is it shared? For what Privacy Resources ONC: Health Information Privacy, Security, and Your EHR; www.healthit.gov/providers-profes sionals/ehr-privacy-security OCR: Health Information Privacy; www.hhs.gov/ ocr/privacy/index.html Summary of The HIPAA Privacy Rule; www.hhs. gov/ocr/privacy/hipaa/understanding/sum mary/index.html Summary of The HIPAA Security Rule; www. hhs.gov/ocr/privacy/hipaa/understanding/ srsummary.html Guide to Privacy and Security of Health Information; www.healthit.gov/sites/default/files/ pdf/privacy/privacy-and-security-guide.pdf purpose? It should be noted that not all information is collected directly from patients; for example, medical devices may collect personal health information. The HIPAA Privacy Rule requires that providers appoint a HIPAA Privacy Officer, who can be a resource for better understanding their organization’s practices (OCR, n.d.[d]). Healthcare professionals have a trusted relationship with their patients and caregivers and often are in the best position to communicate with patients about privacy and the use and sharing of health information. These professionals should initiate communication with patients and their caregivers about the privacy and security of health information. This conversation should include the contents of the Notice of Privacy Practices, but also should go beyond that. These notices often are lengthy, written in “legalese,” and may be difficult for patients to understand. HHS sometimes receives complaints from patients saying that they were not provided the required notice or were asked to acknowledge receipt without actually receiving it (Rodriguez and Johnson, 2013). Having such Copyright © 2015 American Society on Aging; all rights reserved. This article may not be duplicated, reprinted or distributed in any form without written permission from the publisher: American Society on Aging, 575 Market St., Suite 2100, San Francisco, CA 94105-2869; e-mail: [email protected] For information about ASA’s publications visit www.asaging.org/publications. For information about ASA membership visit www.asaging.org/join. Spring 2015 • Vol. 39 . No. 1 | 101 GE NER ATIO NS – Journal of the American Society on Aging Pages 97–104 conversations with patients can help prevent misunderstandings. Healthcare professionals should be prepared with an informed response when patients or caregivers ask for access to patient health information, an amendment to their record, or an accounting of disclosures. Patients should be invited to ask questions and express concerns they might have. All consumer communications should be culturally appropriate, and consider language, communication needs, literacy, and the Leadership by healthcare professionals is key to creating a “privacy culture.” Everyone involved needs to take responsibility for ensuring the privacy and security of health information. Healthcare professionals must lead by example, scrupulously following organizational policies and procedures and emphasizing the importance of these requirements. Often, the most basic actions are critically important—e.g., creating strong passwords and changing them frequently; using up-to-date antivirus software and firewalls; keeping Not all information is collected directly records in locked cabinets; using shield screens on computer monitors so that from patients—medical devices also may others cannot see sensitive on-screen collect personal health information. information; establishing physical level of trust existing between healthcare provid- security for office space; and, using good judgers and different patient populations (ONC, n.d.). ment regarding when and where (and at what Research indicates that certain demographic volume) to discuss patient information. It also is groups may have less trust in healthcare profesimportant to hold…

YOU MAY ALSO READ ...  Exp19_Access_Ch06_Capstone – Northwind Traders Sales Analysis 1.0

WE OFFER THE BEST CUSTOM PAPER WRITING SERVICES. WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU.

Assignment status: Already Solved By Our Experts

(USA, AUS, UK & CA PhD. Writers)

CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS, GET A NON PLAGIARIZED PAPER FROM OUR EXPERTS

Order from Academic Writers Bay
Best Custom Essay Writing Services

QUALITY: 100% ORIGINAL PAPER NO PLAGIARISM - CUSTOM PAPER

Why Choose Us?

  • 100% non-plagiarized Papers
  • 24/7 /365 Service Available
  • Affordable Prices
  • Any Paper, Urgency, and Subject
  • Will complete your papers in 6 hours
  • On-time Delivery
  • Money-back and Privacy guarantees
  • Unlimited Amendments upon request
  • Satisfaction guarantee

How It Works

  • Click on the “Place Your Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
  • Fill in your paper’s requirements in the "PAPER DETAILS" section.
  • Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
  • Click “CREATE ACCOUNT & SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
  • From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.

About AcademicWritersBay.com

AcademicWritersBay.com is an easy-to-use and reliable service that is ready to assist you with your papers 24/7/ 365days a year. 99% of our customers are happy with their papers. Our team is efficient and will always tackle your essay needs comprehensively assuring you of excellent results. Feel free to ask them anything concerning your essay demands or Order.

AcademicWritersBay.com is a private company that offers academic support and assistance to students at all levels. Our mission is to provide proficient and high quality academic services to our highly esteemed clients. AcademicWritersBay.com is equipped with competent and proficient writers to tackle all types of your academic needs, and provide you with excellent results. Most of our writers are holders of master's degrees or PhDs, which is an surety of excellent results to our clients. We provide assistance to students all over the world.
We provide high quality term papers, research papers, essays, proposals, theses and many others. At AcademicWritersBay.com, you can be sure of excellent grades in your assignments and final exams.

NO PLAGIARISM