If you order your research paper from our custom writing service you will receive a perfectly written assignment on 123 HIPPA. What we need from you is to provide us with your detailed paper instructions for our experienced writers to follow all of your specific writing requirements. Specify your order details, state the exact number of pages required and our custom writing professionals will deliver the best quality 123 HIPPA paper right on time.
Our staff of freelance writers includes over 120 experts proficient in 123 HIPPA, therefore you can rest assured that your assignment will be handled by only top rated specialists. Order your 123 HIPPA paper at
Our affordable prices!
Effects of the Health Insurance Portability & Accountability Act (HIPAA) Introduction Just when Americans thought it was safe to turn on their computers after this year's anticipated YK catastrophe, now comes the federal government's new Health Insurance Portability & Accountability Act (HIPAA) -- privacy regulations that will create new, insurmountable challenges for today's healthcare industry. The YK bug is estimated to have cost the health care industry upwards of $10 billion. By comparison, implementing the HIPAA privacy and security regulations is estimated to cost the health care industry $40 billion over the next two years. Beginning January 001, US health care operations will never be the same again. This paper will address the origins of these new federal privacy regulations with a specific focus on the privacy standards and the Health and Human Services (HHS) proposed rules on confidentiality of personal health information. In a Wall Street Journal/ABC poll conducted on September 16, 1, Americans were asked to identify those issues that concerned them most for the coming century. Loss of personal privacy ranked as the first or second concern of percent of all respondents. Other issues, such as terrorism, world war, and global warming, scored of percent or less. Background Historically, an individual's access to his or her own medical records and the ability to limit that access to third-parties was safeguarded by the patient, physicians, and healthcare organizations (i.e., hospitals, clinics, etc.). However, with advances in information technology, the issues of security and breeches of patient confidentiality have become major priorities. When Congress passed the Health Insurance Portability & Accountability Act of 16, it contained hundreds of pages of proposed legislation intended to set privacy and security standards for the creation and maintenance of patient health care databases. Congress set a deadline for itself of fall 1, to pass comprehensive legislation regulating the privacy and security of information traditionally held sacred between patient and doctor. If Congress did not meet its deadline, HIPAA authorized the Secretary of the Department of Health & Human Services (HHS) to take on the program. In November 1, after Congress failed to meet its deadline, HHS issued proposed privacy regulations regarding the secure treatment of electronic information and requiring a standardization of data used in transmitting health care information electronically. After the uneventful passing of the YK crisis, healthcare providers reevaluated the proposed regulations and began to realize the impact of such privacy and security regulations. Purpose HIPAA addresses the protection of health information from its creation and establishes uniform requirements for those handling such information. The new privacy regulations effect all health care providers, health plan administrators, and health care clearinghouses (hereinafter collectively referred to as health care operators) that electronically transmit individual, identifiable health information in one of several types of transactions. The regulations apply not only when a health care operator engages in one of the listed transaction, but any time they use or disclose protected information. In fact, the regulation covers such a broad variety of healthcare-related transactions -- such as verification and coordination of benefits -- that only on rare occasion will a health care operator not be effected by this mandate. The regulation governs the use and disclosure of individual, identifiable health information that has been electronically transmitted or maintained by a health care operator. However, not all health care information is protected under these regulations. The new privacy regulation only applies when a health care operator places information that potentially identifies an individual into an electronic format, and a reasonable basis exists to believe that the information can or will be used to identify the individual. This category of information is known under the new regulation as protected health information. It is important to remember that individual, identifiable health care information can easily become subject to these regulations whenever existing information is entered into a computer or any type of electronic data system. This includes the scanning of older, paper records into an optical storage device. As a general rule, protected health care information may not be used or disclosed -- even within an organization -- unless the health care operator receives specific authorization from the individual patient. The Privacy Act of 174 Before considering the HIPAA Act, there is value in first reviewing the Privacy Act of 174, as both generally promote respect for the public's privacy. Under the Privacy Act of 174, federal agencies were adopt minimum standards for the collection and processing of personal information, and to publish detailed descriptions of these procedures. This Act also limits the making of such records available to other private agencies or parties and requires agencies to make records on individuals available to them upon request, subject to certain conditions and exclusions. This is not unlike the HIPAA Act which governs how health care operators (as opposed to the federal government) handles the confidential information obtained from patients (as opposed to the public at large). The Privacy Act of 174, has four basic policy objectives o To restrict disclosures of personally identifiable records. o To grant individuals more rights to access records agencies maintain on them. o To grant individuals the right to seek amendments to agency records maintained on themselves. o To establish a code of fair information practices which requires agencies to comply with statutory norms for collection, maintenance, and dissemination of records. Security According to the HIPAA, the security standards that apply to the health care operators must address reasonable and appropriate administrative, technical, and physical safeguards to o Ensure the integrity and confidentiality of the information. o Protect against any reasonable anticipated threats or hazards to the security or integrity of the information, including unauthorized use or disclosure. o Ensure compliance by officers and employees of the health care operators. Personnel Security Organizations that handle individual health care information must establish control policies that regulate appropriate access to the information in their possession, while assuring its confidentiality. An effective policy would first determine those staff members who are granted authorization to the information, and then govern how and when such authorization is maintained, modified, or terminated. Issues to consider are · Training. Employees should be trained regarding what information, systems, or applications they have authority to access, together with their responsibility to limit such access. · Identification Health care operators should supply authorized personnel with Personal Identification Numbers (PINs) or key cards by which users can be authenticated as part of the control process. Information Systems Security Management Information systems security management requires formal policies and procedures for granting (or denying) access to various levels of health care information, including user authentication and accountability practices. In order to meet regulatory compliance, three key areas must be in place 1. security measures for all information systems; . security testing, including intrusion testing, performed regularly on systems and networks; . virus protection, and a response procedure when a virus is detected. · documenting all policies and procedures in the integration and daily work of the Information Systems Management Department. · installing software that maintains review schedules for testing security features. · creating a system for on-going and periodic system checking. · updating and formatting a frequent virus checking system and procedure. Security Incident Procedures To ensure that violations are managed quickly, health care operators are required to have documented damage control procedures for reporting security breaches. Such procedures should address data backup, data storage, and proper disposal of data, in addition to assigning responsibility in the event of a security incident. The damage control procedures should also include a disaster recovery plan, emergency mode operations, equipment control, an organization security plan, procedures for verifying authorization prior to physical access, maintenance records, need-to-know procedures for personnel access, and sign-in procedures for outside (contract) vendors. Security Management Process Health care operators are required to establish risk reduction security policies to insure accountability, prevention, containment, and correction of security breaches including risk analysis, risk management, and sanction policies. Additional measures to protect sensitive data includes firewalls, intrusion detection devices, and audit logs. Training It is imperative that personnel be properly trained in order for a health care operator to meet the HIPAA standards. Each organization must develop, implement, and maintain records of awareness training for all personnel on virus protection, reporting data discrepancies, and password management to ensure protection of health care information. Terminations Procedures In order to meet the HIPAA standards, health care operators must establish termination procedures for personnel leaving the organization including changing the locks, terminating user access to databases, denying access to the physical facilities, and revoking control mechanisms (i.e., swipe cards and keys). Market Refortm / Impact The financial impact for organizations preparing for the YK bug was estimated to have cost the health care industry upwards of $10 billion. Implementing the HIPAA privacy and security regulations is being estimated to cost the health care industry $40 billion over the next two years. According to a recent survey conducted by the newsletter HIPAA Alert, 80 percent of health care operators, and 75 percent of insurers, are trying to build overall awareness in their organizations about the new HIPAA requirements. Additionally, more than half of healthcare industry professionals are completing their initial assessment process. Over half of billing clearinghouses and vendors are well into HIPAA compliance, planning, and implementation. It is the health care providers and insurers who are behind in their efforts, with less than a third of respondents saying they have begun planning and implementation for the HIPAA compliance. One reason given for the slow movement of providers was that they were waiting for the final rules to be set in place before moving forward with implementation. Three-fourths of information system vendors indicated that they would complete internal testing of the HIPAA-compliant systems within 1 months, and all billing clearinghouse respondents reported they will be HIPAA-ready within 18 months. More than half of insurers indicate that they will not be fully HIPAA-compliant for 4 months or longer, possibly because of confusion over what is really needed to be compliant. Court Decisions Inasmuch as the HIPAA law has yet to go into effect, there is no case law yet involving this legislation. It will be interesting, however, to see how this legislation impacts further interactions between health care operators and the people they serve. Recommendation Health care operators who will be affected by the final ruling slated for December 000, should assess their current status to ascertain whether they will be in compliance with HIPAA and, if not, what they need to do about it. Such assessments should include Educate organization staff members What can a health care operator do to prepare for HIPAA? Their first step should be to educate their senior management and line-staff. The HIPAA is a complicated and extensive piece of legislation. It requires considerable education and a commitment from senior management to secure the necessary human resources and financial resources. Especially in larger health care operations, a chief security officer or similar senior management officer is recommended to lead the organization's HIPAA efforts. Coordinate a HIPAA Committee Individual health care operators should each establish HIPAA committees. These group should be responsible for the oversight of HIPAA education, communication, and timelines. Needless to say, personnel from Human Resources, Information Services, Finance, and the General Counsel's office should comprise the committee, in addition to personal from medical records, medical staff affairs, managed care, and the business office. Such committee should meet frequently during the establishment and coordination of the HIPAA initiatives to make certain that compliance will be met, and then periodically thereafter to insure proper maintenance. Audit Policies, Procedures, and Application Systems Health care operators should audit their existing information systems to identify areas that will require improvement in order to comply with the HIPAA rules. One method would be to conduct a gap analysis. The analysis would serve as the foundation for creating a timeline for meeting the HIPAA deadlines. The audit should include an extensive review of all policies and procedures associated with the release of information, network and application security, and medical record confidentiality. Such audits both current and future should be under the direction of the HIPAA Committee referred to above. Identify Risk Areas As a result of the initial audit, each health care operator should be able to recognize high risk areas and then develop a corrective action plan in response. Such action plan will greatly depend on the identified deficiency. As a matter of necessity, those areas with the highest risk should be addressed first, although these may also require the most time, money, and manpower to correct. Most importantly, health care operators should document each of their efforts towards compliance in the event that their labors are ever questioned. Conclusion Compliance with the upcoming HIPAA mandates will require the coordinated efforts of every health care operator in the United States. However, despite how long, costly, and tedious this process may be to these organizations, these initiatives are absolutely necessary to safeguard the right of each American citizen regarding his or her health care records. In the current cyber-society in which we live one that will only get more sophisticated with time such laws are imperative. The average cyber-junkie, familiar with the information superhighway and all its little side-streets and alleys, can already find out more information on the average citizen than most of us would want shared our home addresses, phone numbers, interests, hobbies, etc. In some ways, it is akin to George Orwell's 184. The only exception is, this time it is not Big Brother who is watching instead it is your next door neighbor or the kid down the street. Without laws such as the Health Insurance Portability & Accountability Act, we could one day learn that our most personal concerns the health of our minds and bodies is fodder on the Internet. Bibliography References HIPAA Insurance Reform http//www.hcfa.gov/medicaid/ HIPAA Health Information Standards http//www.jhita.org/hipaarule.htm Health Insurance Portability and Accountability Act of 16 Administrative Simplification http//www.hcfa.gov/facts/February 17 Health Insurance Portability and Accountability Act of 16 Getting Ready for HIPAA Privacy Rules AHIMA article on preparing for HIPAA security standards http//www.ahima.org/journal/features/feature.0004.5.html Conducting Your Own Internal Assessment Journal of AHIMA article provides good checklist to do your own assessment http//www.ahima.org/journal/features/feature.0005.4.html Lemonine, B. The Business Journals. HIPAA compliance cost may exceed YK http//www.bizjournals.com/ Part II Potential Effects of HIPAA A Review of The Literature Stephen Long and M. Susan Marquis http//aspe.hhs.gov/health/reports/hipabase/ Department of Health and Human Services, Proposed Standards for Privacy and Individually Identifiable Health Information http//aspe.hhs.gov/admnsimp/faqtxdif.htm Proposed Rules Federal Register, 6, no. 155 (18) http//www.access.gpo.gov Implementing HIPAA Security Standards Are you Ready? ( October 1) http//www.ahima.org/journal/features/feature.0004.4.html HIPAA supersite from consulting firm Beacon Partners, includes news, timelines and legal info. http//www.hipaacomply.com Word Count 40
Please note that this sample paper on 123 HIPPA is for your review only. In order to eliminate any of the plagiarism issues, it is highly recommended that you do not use it for you own writing purposes. In case you experience difficulties with writing a well structured and accurately composed paper on 123 HIPPA, we are here to assist you. Your persuasive essay on 123 HIPPA will be written from scratch, so you do not have to worry about its originality. Order your authentic assignment and you will be amazed at how easy it is to complete a quality custom paper within the shortest time possible!