Sponsored by the HealthcareTrainingInstitute.org providing Quality Education since 1979

HIPAA: Setting Ethical Client Boundaries (3 CEUs)

Section 8
Privacy vs. Security in the HIPAA Environment


Security
The HIPAA security regulations are mainly borrowed from other industries, with modifications for the uniqueness of healthcare. The regulations describe technical solutions that provide solid security for patient information traveling electronically among providers, payers and other healthcare organizations. The purpose of HIPAA's stringent security measures is to ensure that patient information is protected from view by anyone other than the intended recipients—a worthy purpose that poses problems in implementation.

For example, there is continuing debate about HIPAA's approach to "secure" faxing. Appropriate HIPAA procedure dictates that the receiving fax machine be located in a secure (i.e., locked) room. The individual receiving the fax must sign into the room and log the time, date and fax data (who sent the fax, topic, etc.). Many question the necessity of taking such drastic measures to secure faxed data, but the sensitive and confidential nature of clinical information—of paramount concern in behavioral healthcare—arguably warrants such an approach.

Moving more deeply into this new world, to meet HIPAA's security and privacy requirements, a secure system must have:

  • Authorization. Role-based authorizations (access controls), confidentiality (encryption) and nonrepudiation (digital signatures).
  • Authentication. The assurance of a user's identity, accomplished by use of a unique identifier (e.g., password, biometric identifier, smart card).
  • Audit trail. A record of all activities occurring in the system, providing a documented "chain of trust."
  • Secure data storage and transmission. Data security must be maintained during electronic document transmission, with encryption being the likely solution.
  • Integrity. Information must be accurate, consistent and complete.
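As an added illustration (not part of the original article), the sketch below combines three items from this list: a role-based authorization check, an audit trail that records every attempt, and an integrity check that detects later edits to the trail. The role names, permissions, key and log entries are constructed assumptions, with the entries modeled on the fax log described above.

```python
import hashlib
import hmac
import json

# Hypothetical role-to-permission map (an assumption, not from the article).
ROLE_PERMISSIONS = {
    "clinician": {"read_record", "write_record"},
    "fax_clerk": {"log_fax"},
}

class AuditTrail:
    """Append-only log; each entry's MAC also covers the previous MAC."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []

    def _mac(self, prev_mac: str, body: dict) -> str:
        payload = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def append(self, user, role, action, detail, time):
        prev = self.entries[-1]["mac"] if self.entries else ""
        body = {"user": user, "role": role, "action": action,
                "detail": detail, "time": time}
        self.entries.append({"body": body, "mac": self._mac(prev, body)})

    def verify(self) -> int:
        """Return the index of the first altered entry, or -1 if intact."""
        prev = ""
        for i, entry in enumerate(self.entries):
            if not hmac.compare_digest(self._mac(prev, entry["body"]), entry["mac"]):
                return i
            prev = entry["mac"]
        return -1

def perform(trail, user, role, action, detail, time) -> bool:
    """Authorize by role and record the attempt, allowed or denied."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    trail.append(user, role, action if allowed else "DENIED:" + action, detail, time)
    return allowed

def demo():
    trail = AuditTrail(key=b"constructed-demo-key")  # constructed key and entries
    ok = perform(trail, "jlee", "fax_clerk", "log_fax", "from Dr. A, re: referral", "2001-07-01T09:00")
    denied = perform(trail, "jlee", "fax_clerk", "read_record", "patient 17", "2001-07-01T09:05")
    before = trail.verify()
    trail.entries[0]["body"]["detail"] = "edited afterwards"  # simulate tampering
    return ok, denied, before, trail.verify()
```

The chain alone does not reveal entries removed from the end of the log; keeping a copy of the latest MAC in a separate system covers that case.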

Privacy
Privacy is perhaps the most politically charged issue associated with HIPAA. Privacy addresses the patient's right to control his or her own medical information. The regulations include strict guidelines for patients' informed consent to use and disclose their health information, as well as "data scrubbing" (removing patient identifiable information) and procedures allowing consumer control over personal medical information.

Healthcare providers will be permitted to maintain information regarding patient care; however, providers are prohibited from delivering individuals' medical information to outside parties without full disclosure and prior patient approval.

Data scrubbing involves removing obvious patient identifiers when the remaining clinical information is used for research purposes. There is much debate about whether the remaining patient information in such instances would still be considered confidential. Privacy experts have identified improper access to the "scrubbed" data in 75% of cases studied.
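The following added example (not from the original article) shows why scrubbed data can remain sensitive: it removes the obvious identifiers, then counts how many records are still unique on the fields left behind, and repeats the count after coarsening those fields. The group-size check is a k-anonymity style measure that the article does not name; all field names and records are constructed.

```python
from collections import Counter

# Field names and records are constructed for this example.
DIRECT_IDENTIFIERS = {"name", "ssn", "phone"}
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

RECORDS = [
    {"name": "Patient A", "ssn": "000-00-0001", "phone": "555-0101", "zip": "90210", "birth_year": 1961, "sex": "F", "dx": "depression"},
    {"name": "Patient B", "ssn": "000-00-0002", "phone": "555-0102", "zip": "90211", "birth_year": 1964, "sex": "F", "dx": "anxiety"},
    {"name": "Patient C", "ssn": "000-00-0003", "phone": "555-0103", "zip": "90210", "birth_year": 1961, "sex": "F", "dx": "PTSD"},
    {"name": "Patient D", "ssn": "000-00-0004", "phone": "555-0104", "zip": "90305", "birth_year": 1978, "sex": "M", "dx": "bipolar"},
    {"name": "Patient E", "ssn": "000-00-0005", "phone": "555-0105", "zip": "90301", "birth_year": 1972, "sex": "M", "dx": "depression"},
]

def scrub(record: dict) -> dict:
    """Drop the obvious identifiers, keep everything else."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

def group_sizes(records) -> Counter:
    """Count records sharing each combination of quasi-identifiers."""
    return Counter(tuple(r[q] for q in QUASI_IDENTIFIERS) for r in records)

def singled_out(records) -> list:
    """Records whose quasi-identifier combination is unique in the data set."""
    sizes = group_sizes(records)
    return [r for r in records if sizes[tuple(r[q] for q in QUASI_IDENTIFIERS)] == 1]

def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers: 3-digit ZIP prefix, decade of birth."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out

def report():
    """Return (unique rows, smallest group) after scrubbing, then after coarsening."""
    scrubbed = [scrub(r) for r in RECORDS]
    coarse = [generalize(r) for r in scrubbed]
    return (len(singled_out(scrubbed)), min(group_sizes(scrubbed).values()),
            len(singled_out(coarse)), min(group_sizes(coarse).values()))
```

On this sample, three of the five scrubbed records are still unique on ZIP code, birth year and sex; after coarsening, every record shares its combination with at least one other.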

The primary issue regarding HIPAA's privacy regulations is the patient's ability to control access to his or her medical information. Average consumers believe they have control over their medical information. Then they try accessing that information or, worse yet, transferring the information to another physician. They find that the effort required is monumental and generally produces limited success. HIPAA aims to simplify the process, placing control of the information directly in the hands of patients. Although this intuitively makes sense, the healthcare industry is not procedurally equipped on an organizational level to accommodate it. It will take a great deal of work and time to craft policies and procedures to make patient access workable.

Ethics - Privacy, Security and Behavioral Medicine
HIPAA regulations apply to every sector of the healthcare industry, most definitely including behavioral medicine. Several overriding issues affect the way HIPAA regulations are implemented in a behavioral health environment—i.e., patients' mental capacity, the degree of information sensitivity (some would argue that all such patient information is equally sensitive), legal issues, accountability to funding sources and technological capabilities.

Patients must be mentally competent to control their medical information. In cases where patients are incompetent, family members or the courts, acting as guardians, will exercise control. Behavioral healthcare professionals must account for and develop procedures to accommodate and fully document these situations.

It should be noted that in states like California, where strict confidentiality laws have been enacted governing the sharing of this type of medical information, state law will prevail over the federally mandated HIPAA regulations.

Finally, one of the primary concerns regarding implementing a HIPAA solution is the cost of the effort. The cost includes organizational education, implementing and developing policies and procedures, developing new contracts with organizations such as clearinghouses to ensure that they are following HIPAA regulations, identifying and implementing the technology solutions necessary to meet HIPAA security requirements, and establishing a chief privacy officer position.

Behavioral medicine is notoriously under-reimbursed, and practitioners often lack the funds necessary to implement HIPAA solutions. Nevertheless, HIPAA compliance is mandatory. Therefore, other priorities, such as clinical equipment purchases and hiring additional staff, must become secondary considerations until other sources of funding are identified.

In truth, the skills necessary to implement HIPAA security solutions within behavioral medicine are generally nonexistent. Behavioral organizations should therefore consider using contract assistance, although this, of course, will increase the cost of compliance.

Conclusion
The HIPAA regulations affect virtually every person and organization that works in the healthcare sector. So-called "drastic" security measures are even more justifiable in the behavioral health arena. No behavioral healthcare consumer wants to accept the consequences of open access to his medical information, particularly when the clinical issue is a stigmatized one. The real issue for providers is finding a means to ensure privacy and security that doesn't jeopardize the organization itself.

HIPAA's security and privacy standards are clear, and failure to comply will be punishable by imprisonment and fines of up to $250,000. Protecting patient information will be expensive and difficult—but can you afford not to?
- Chenoweth, Don; Privacy vs security in the HIPAA environment; Behavioral Health Management; Jul/Aug 2001; Vol. 21; Issue 4.
The article above contains foundational information. Articles below contain optional updates.

Personal Reflection Exercise #4
The preceding section contained information about privacy vs security in the HIPAA environment.  Write three case study examples regarding how you might use the content of this section in your practice.

Ethics CEUs QUESTION 8
HIPAA’s privacy regulations include "data scrubbing". What is "data scrubbing"? Record the letter of the correct answer in the Ethics CEUs Answer Booklet.

 
