Health Insurance Portability and Accountability Assignment

 

Introduction

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect health insurance coverage for employees and workers, along with their families, when they change or lose their jobs. It also gives individuals a right to security for their health information (Health Information Privacy, 2013). This act protects individuals and gives them rights to be protected in group health plans. It also gives individuals the right to purchase individual coverage in the absence of group health plan coverage (Press, 2008). Currently, the security concern for health information is increasing, and this information is also protected by the HIPAA security rules.

In the current era of technology, most healthcare organizations keep all health information online, which may create healthcare information fraud and abuse. Thus, health information kept online may affect the security and privacy of individuals. But the HIPAA security rules set national standards for the protection and security of healthcare information that is electronically protected (Beaver & Herold, 2003). They also set the confidentiality provisions of the patient safety rule, which is significant to increase the protection of individual health information. The thesis statement for this paper is, ‘Security rule of HIPAA is significant to protect the electronic protected health information.’

This paper will analyze the significance of security rule/policy of HIPAA in context of security of electronically protected health information. The effectiveness of this rule in the protection of health information of individual and in avoiding the health information fraud and abuse will be analyzed along with the group, which is most affected by the lack of security in health information.

 

Security Rule of HIPAA

 

The legislation policy, which will be analyzed in this report, is the HIPAA’s security rule. This rule establishes the national standards, which are significant to protect the individual’s electronic personal health information, which is generally used, received, created, and maintained by a covered entity. This legislation of HIPAA is quite important for individuals as the lack of security for their health information may cause a negative impact over their status in the society and among peers (U.S. Department of Health & Human Services, 2012). For the significance of this rule, it requires appropriate physical, technical and administrative safeguards, which would be beneficial to ensure the integrity and security of the electronic protected health information with confidentiality.

 

The administrative safeguards of the HIPAA security rule make up half of its security requirements. They set the requirement, within the standards, to evaluate all the security controls already in place and to conduct an accurate and thorough risk analysis (Security Standards: Administrative Safeguards, 2007). The physical safeguards in the security rule of HIPAA provide the policies and procedures that limit physical access to electronic protected health information. For this, only properly authorized access is allowed, which reduces the chances of unauthorized access and plays an important role in the protection of the health information of individuals (Security Standards: Physical Safeguards, 2007).

 

Technical safeguards are becoming more important in the current environment as technological advancements take place within the healthcare industry. The technical safeguards also protect healthcare information and control access to it with the use of advanced technologies (Security Standards: Technical Safeguards, 2007). Thus, these three are the major safeguards of the HIPAA security rule, which are significant for the protection of the healthcare information of individuals kept electronically. The main aspect of the security rule of HIPAA is that it asks the covered entities for technical safeguards, which is the most effective aspect of this rule for the protection of electronic health information (Nass, Levit & Gostin, 2009).

 

History of HIPAA Security Rule

 

The main purpose of developing the HIPAA security standards was to implement appropriate security safeguards for the protection of electronic protected health information and to permit appropriate access for the use of individual healthcare information. The promotion of electronic protected health information was the major reason for the development of the HIPAA security rules/standards. The security rule was the final rule on the security standards, and it was issued in the year 2003. It took effect from April 21, 2003 for the covered entities and small plans (HIPAA Security Rule, 2013). This rule was enacted from the requirements for developing regulations for the protection of the privacy and security of certain health information of individuals.

 

 

Prior to this, there were no rules, set standards or general requirements for the protection of health information in the healthcare industry. At the same time, the evolution of new technologies moved the healthcare industry from paper processes towards the use of electronic healthcare information systems for different functions, such as paying claims, answering eligibility, etc. (Nass, Levit & Gostin, 2009). To set the standards and to cope with the changing technologies, the security rule was developed, which allowed the covered entities to adopt new technologies for quality patient care while protecting patients' health information. It was designed in a flexible and scalable manner, which improved the security of individual healthcare information (Trinckes, 2012).

 

Problem/Issues Addressed by Legislation

 

In the current environment, the adoption of new and advanced technologies is increasing within the healthcare industry, which is increasing the potential security risks. The growth of technology within the healthcare industry is also increasing unauthorized access to electronic protected healthcare information. This is because, with the use of technology, most of the covered parties have moved their processes and operations from paper to electronic systems, which is reducing the security of healthcare information for businesses as well as for individuals (Trinckes, 2012). Technological advancement is creating a problem for healthcare organizations in protecting electronic protected health information, which is creating risks for individuals and businesses. Electronic health records are accessed by unauthorized persons, which is also creating problems for healthcare organizations in protecting the privacy of their patients (Wu, 2007).

 

The security rule of HIPAA addresses this problem by ensuring the proper authentication on the information access, which reduces the possibility of unauthorized access and facilitates the protection of healthcare information of individuals (Wu, 2007). This legislation sets the standards at national level for the security of electronic protected health information of individuals. For this, it ensures three safeguards namely administrative, technological and physical safeguards, which are effective to ensure authorized access and to eliminate the problem of healthcare information fraud and abuse (HIPAA Security Rule, 2013).

 

The set of standards under the HIPAA security rule binds the covered entities to adopt responsible and appropriate policies and procedures as per the provisions of the security rule. This legislation provides information about the safeguards that are essential for firms to protect the healthcare information of individuals (Trinckes, 2012). The security rule defines confidentiality for the covered entities to mean that electronic protected health information should not be disclosed to an unauthorized person, which is effective in reducing security concerns over the healthcare information of people in the current technological environment. This rule also addresses the potential security risks, which are increasing because of the rise in the use of administrative and clinical technologies (Press, 2008).

 

This rule is effective in governing the procedures through which patient information is kept by healthcare firms. The security rule helps individuals resolve issues related to the disclosure of their personal healthcare information, which may influence their living standard as well as their value within society (Wu, 2007). This security rule also includes two principles, integrity and availability, which ensure that the electronic protected health information of individuals is not altered or destroyed and that it is only usable and accessible by an authorized person (Health Information Privacy, 2013). Protected health information of an individual is kept in electronic or paper-based medical records, which include information about the physical or mental health of the patients along with billing and demographic information. This rule facilitates the use and maintenance of this information in a secure fashion.

 

Effectiveness of Security Rule to Address the Problem

 

As the use of technology in the healthcare industry is evolving, the workforce in healthcare industry has become more mobile and efficient by the increased use of computers and technologies rather than paper processes. This rule of HIPAA is quite significant to increase the security of electronic protected health information. It is because this rule is mainly focused over the recent regulatory enforcement activities, which ensures the better protection of patient information (Beaver & Herold, 2003). The three major safeguards under the security rule namely administrative, physical and technological safeguards are significant to address the problem related to disclosure of patients’ electronic protected health information.

 

The security rule implemented some policies and procedures, which are required to be accessed by the covered entities to ensure that their policies and procedures for the security of electronic protected health information (HIPAA Security Rule, 2013). This rule also facilitates information access management, which is consistent with the privacy rule standards and makes it essential for the covered entities to implement policies and procedures for authorized access. It helps to eliminate the possibility of misuse of patient information by unauthorized people. This rule also determines that covered entities should provide appropriate training, supervision and authorization of the workforce members who work with electronic protected health information (Security Standards: Administrative Safeguards, 2007). At the same time, strict and appropriate action should be taken against workforce members who are found in violation of these policies and procedures. Thus, this administrative safeguard of the security rule of HIPAA significantly addresses the problem related to the protection of electronic protected health information.

 

This rule also ensures that the covered entities will limit the physical access by allowing the authorized access only, which is also quite effective to address the problem related to the security of electronic protected health information (Wu, 2007). Similarly, as per the technological safeguard, the covered entity must ensure about the access control, audit control, integrity control and transmission security, which provides a safeguard against the unauthorized access of patient information protected electronically (Security Standards: Physical Safeguards, 2007). Thus, it could be determined that the current status of security rule of HIPAA is quite effective to address the problem related to the security of patients’ health information.

 

But at the same time, continuous increase in the administrative and clinical technologies is affecting the ability of HIPAA security rule to protect the electronic protected health information of individuals. Similarly, security rule is flexible due to the different ranges of the covered entities. It enables the entities to implement the security standards as per their own analysis of needs in the specific environment (Security Standards: Technical Safeguards, 2007). This flexibility sometimes creates the issues of security of personal health information of patients (HIPAA Security Rule, 2013). The flexibility reduces the standards’ effectiveness to protect the electronic protected health information.

 

The rule does not provide any clear direction to the covered entities in the industry about the use of a particular security measure as per their size (Health Information Privacy, 2013). It only provides some measures, which are required to be considered by the entities, which are as below:

 

  • Size and capabilities of the firm
  • Technical, hardware and software infrastructure
  • Cost of security measures
  • Impact of potential risks to electronic protected health information of individuals (U.S. Department of Health & Human Services, 2012)

These requirements and the other aspects of this legislation are significant in increasing the effectiveness of the covered entities in ensuring the protection of the electronic protected health information of individuals/patients. The rule also offers cost-effective security measures, which are significant for healthcare firms to reduce the cost of implementing security measures and to increase the protection of the health information of individuals. The security rule of HIPAA is also effective in facilitating the different measures for authentic access to the information, physically and technically with proper administration, which increases its significance in addressing the problem of health information security.

People Affected from the Problem

 

The security rule of HIPAA helps to protect the information of patients and individuals that is stored and kept by firms in the healthcare industry. The problem of information disclosure mainly affects individuals who have serious health problems. This rule applies to the health plans, healthcare providers and healthcare clearing houses that are engaged in transmitting health information in electronic form. Individuals provide their health information to these entities, and the entities transmit the information electronically. The individuals’ private health information is protected through this legislation. Any individual or group of individuals who pay the cost of healthcare is affected by this problem (Health Information Privacy, 2013). This is because their information is protected electronically and can be accessed by an unauthorized person. It may influence these people in their lives.

 

Future of Legislation

 

There is no specific information on the future of this legislation. But with the continuously changing technological environment, it could be determined that the legislation will need to be changed. This is because technological evolution may influence the current administrative, physical and technical safeguards. Current technical safeguards could become obsolete through technological development within the environment and will need to be updated for the protection of electronic protected health information (Security 101 for Covered Entities, 2007). A revision of the security rule’s set of standards could take place, and the flexibility in this rule could be avoided by making similar standards for all the players in the healthcare industry.

 

Conclusion

 

From the above discussion, it could be determined that the security rule of HIPAA is significant in providing protection to individuals who pay the cost of healthcare. It facilitates a set of standards for the protection of the electronic protected health information of individuals. For the protection of electronic protected health information, this rule provides three major safeguards, namely administrative, physical and technical, as the standards that the covered entities are required to ensure in their organizations for the protection of patient information.