Evolution of Health Care System With new technological innovations, paper medical records transformed into electronic formats. But although accessing information became more convenient with this new format, a tradeoff was created. Though health-care providers and practitioners in the US follow a standard procedure when it comes to protecting the privacy of these individuals with regard to their information, with the changing of systems, more loopholes were inevitably created.
HIPAA The Congress acknowledged the inadequacy of health care information systems and implemented the Health Insurance Portability and Accountability Act (HIPAA) that generated clear lines on the release and use of individuals’ health records and allows the individuals in question more control over their own health information (CDCP, 2003). With HIPAA, covered entities are assigned to facilitate individuals’ health information.
The individuals can access their information from them and these covered entities and their business associates are obligated to give them an accounting of the disclosures that were made with their information. Individuals must also be provided with a written notice of the entities’ privacy practices, an opportunity to request amendments of the records and an option to limit the use or disclosure of their information. However, covered entities not obliged to agree to restrictive requests.
But if they agree, their compliance with what the client restricts them to do is a given except in cases of emergency (OCR, 2003). Individuals also can request alternative methods of communicating information (TWC, 2004). They can deviate from the usual method of access if they think that there would be risks involved, without being required to prove it (OCR, 2003). Consent is one thing that is very essential in this Act; it is actually the thing that prevents mal-users from abusing a person’s information.
But even with this, there are instances that specific people can access it without consent from them. Law enforcers can have the information from the covered entities without waiting for consent if they are doing it under lawful purposes. Funeral directors and medical examiners, as authorized by the law can have it for autopsy and other related functions also. “The information may also be used to facilitate the donation and transplant of organs, eyes, and tissue” (OCR, 2003).
Another instance is if the information is needed for a valid research program and helpful for prevention of serious and impending threat to a person or the general public. Nor is consent necessary when it is for certain essential government functions like pursuing effective military missions, carrying out of intelligence and activities deemed important for national security like protecting the president and the citizens, and the establishment of the eligibility to be part of certain government benefit programs and other related activities.
The various workers’ compensation laws and other similar provisions may also a factor to persuade the covered entities to discharge the information even without authorization of the party involved (OCR, 2003). Covered entities carry out their responsibility of safe keeper in a series of ways. “They must implement written PHI privacy procedures, appoint a privacy office, explain to business associates the obligation to sign agreements while respecting to the confidentiality of PHI and how it should be kept that way” (TWC, 2004).
Their entire workforce is trained to follow their privacy guidelines, which are people under their direct control regardless of whether they are recipients of compensation or not. They are all to pursue their tasks in accordance to these guidelines. Violations to these policies and procedures by the said workforce have its respective sanctions and punishments as determined by the covered entities (TWC, 2004). HIPAA is set up to keep the private health information in good hands. That is manifested in all these formal structure and regulations set up to govern this information (CDCP, 2003).