Violation of Health Insurance Portability and Accountability Act Confidentiality - Case Study Example

Violation of HIPAA Confidentiality Research Paper Introduction Pharmacists should be knowledgeable of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as well as its consequent supervision in an occupational setting. Even though HIPAA is widely believed to be the special privacy law associated with records of medical histories, pharmacists should also be acquainted with state laws regulating patient confidentiality, since they generally are more limiting than HIPAA (Moini, 2009). Furthermore, the Privacy Rule of HIPAA safeguards merely personal medical records kept by ‘covered entities’ like dentists, pharmacies, laboratories, hospitals, and numerous other organizations that offer treatment, mental, or medical care. Even though the Privacy Rule lays down a range of rights as regards the ‘protected health information’ of the patients, the policy is meant merely to allow release of these information as required for the treatment of patients and other vital purposes (Darvey, 2008). This research paper discusses the violation of HIPAA confidentiality rule within the pharmaceutical context. Patients’ Confidentiality Rights Employers are mostly exempted from HIPAA, with the exception of inadequate capacities. Particularly, in case an employer performs as a manager for its organization’s health plan, offers a self-insured wellness plan for its workers, or runs a health plan or health clinic, the employer would be a ‘covered entity’ and thus bound by the HIPAA Privacy Rule (Chisholm-Burns et al., 2014). For that reason, such employers should not release or make use of a protect health information of an employee for occupational measures or decisions and should simply obtain and utilize the least information needed to carry out organizational tasks. Moreover, employers should build a ‘firewall’ between occupational decisions and benefits management to guarantee conformity to the HIPAA Privacy Rule (Marcinko, 2004). Data associated with claims resolution, utilization statements, clarifications of benefits, claims management, contributions to flexible spending account, premium payments, and health plan registration and resignation should be confidential. Still, employee records are omitted from HIPAA security, such as drug testing results, data associated with the Americans with Disabilities Act to guarantee accommodations, Family Medical Leave Act accreditations, and requests for sick leave (Marcinko, 2004). Even though certain pharmacies could be bound by HIPAA agreement in relation to their own personnel, every pharmacy is bound by HIPAA agreement in relation to their patients and customers. As a result, pharmacist managers should guarantee that their personnel are informed about and obedient to HIPAA provisions (Darvey, 2008). The HIPAA Privacy Rule assigns a hands-on responsibility to employers to appropriately manage, educate, and train their personnel. Pharmacy employers must put into practice an inclusive HIPAA training plan for personnel that is properly documented and in accordance to company rules and present legal obligations (Wertheimer & Konnor, 2012). This training must stress the essence and significance of privacy and confidentiality, and unambiguously explain the importance of sustaining continuous caution to avoid violations of confidentiality and safeguard the privacy of patients. Furthermore, the HIPAA Security Rule stipulates that covered entities (Marcinko, 2004, 90): (1) Ensure the confidentiality, integrity, and availability of electronic health information that they produce, obtain, maintain or transmit; (2) protect the data against reasonably anticipated threats to its security or integrity; (3) safeguard against impermissible use or disclosure of the information; and (4) ensure that their employees comply with the Security Rule. Organizational, technological, and physical protection should be established to motivate personnel to safeguard the privacy of patients and the confidentiality of medical records (Marcinko, 2004). Examples of protections that are frequently employed, especially in major health care institutions like hospitals, are automatic log-off feature for computer units, guidelines on data storage and use, protections for workstation privacy, validation processes, access regulation, and password control. Within the retail context, additional prescription tags or old prescription bottles must be disposed in a way that ensures others will not find such information in the garbage (Chisholm-Burns et al., 2014). Moreover, pharmacists must be taught to advice patients in a personal manner or privately, instead of where other people can overhear the conversation. Personnel must also know that adults cannot have access to prescription information for other adults, although they are a very close relative or member of the family, without a direct HIPAA-compliant statement (Moini, 2009). Making sure employees comply with these protections can assist employers in identifying whether additional training, reform of the workflow and work setting, or other measures is required to sustain compliance with HIPAA. Upon detection of a possible violation of HIPAA confidentiality, employers must carry out prompt actions to remedy or lessen the violation as necessary (Darvey, 2008). The HIPAA Privacy Rule allows the intervention of the government for violations that can lead to criminal and civil sanctions. Hence, in case a covered entity disobeys HIPAA rules by revealing protected medical records in an unlawful way or is not able to perform the correct security actions to safeguard such data, it could be monetarily fined, with the sum of the fine determined by the seriousness of the crime. Moreover, the Health Information Technology for Economic and Clinical Health (HITECH) Act permits federal courts to handle HIPAA violations (Wertheimer & Konnor, 2012). The collaboration between legal actions by states’ attorneys general and federal investigations could place providers under forceful implementation of the HIPAA Privacy and Security Rules (Moini, 2009). Patients can demand that pharmacies willingly award them further privacy and confidentiality rights not authorized by state law or mentioned by HIPAA. The pharmacy is not obliged to grant the patient further rights or guarantees not specified by state law or the HIPAA. Nevertheless, if the pharmacy does give consent to further privacy and confidentiality rights, then such should be written and the pharmacy employees should comply with all of these obligations under state law and HIPAA (Chisholm-Burns et al., 2014). When the pharmacist consents to such further rights, any form of violation of the requirements and duties exposes the pharmacist to penalties under HIPAA. Such rights keep on existing until the pharmacist informs the patient that they will discontinue allowing these rights (Wertheimer & Konnor, 2012). At first glance, owing to the intricacies of HIPAA, numerous pharmacies might firstly assume that they will under no circumstances consent to further privacy rights or duties. Nevertheless, patients will no doubt submit several somewhat sensible demands that pharmacies will prefer to allow for the better wellbeing of the patients (Wertheimer & Konnor, 2012). For instance, a critically ill patient who is receiving several medications and is incapable of going to the pharmacy by him/herself may ask that only specific persons be permitted to get the prescriptions for the patient. If the pharmacy does consent to award further rights or to take on further obligations then these must be definitely and thoroughly recorded or written and personnel totally notified to prevent unintentional violations (Marcinko, 2004). Patients have the right to obtain a record of almost all disclosures performed by the pharmacy. Conclusions Every covered entity, as well as pharmacies, should formulate privacy and confidentiality rules and processes to specify how all the obligations and requirements laid out under the HIPAA will be fulfilled. The pharmacy personnel should be taught and conform to these rules. Inability to formulate or comply with the rules could put both the individual and the pharmacy disobeying the order at HIPAA penalties. In addition to the right to obtain and recognize acceptance of the notification of the pharmacy’s privacy and confidentiality procedures, HIPAA provides patients several extra rights. Several of these possess greater relevance in healthcare settings like doctor’s clinics or hospitals, yet all are relevant to pharmacy and conformity may create several major organizational problems. References Chisholm-Burns, M., Vaillancourt, A., & Shepherd, M. (2014). Pharmacy Management, Leadership, Marketing, and Finance. Sudbury, MA: Jones & Bartlett Publishers. Darvey, D. (2008). The Legal Handbook for Pharmacy Technicians. New York: ASHP. Marcinko, D.E. (2004). The Business of Medical Practice: Advanced Profit Maximization Techniques for Savvy Doctors. New York: Springer Publishing Company. Moini, J. (2009). Law and Ethics for Pharmacy Technicians. Mason, OH: Cengage Learning. Wertheimer, A. & Konnor, D. (2012). Pharmacy Law Desk Reference. London: Routledge. Read More