HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. HIPAA deals with health insurance coverage for workers and their families, especially when a worker changes or loses a job. President Clinton signed it on August 21, 1996, as Public Law 104-191. The law includes a separate section intended to decrease the organizational costs of health care. HIPAA requires all health plans, including ERISA, healthcare clearinghouses and any dentist who transmits health information in an electronic transaction to use a standard electronic device.
The federal law known as HIPAA was enacted by Congress on August 21, 1996. It was an endeavor to encourage the development of health information systems that would enable the electronic exchange of health care information. The Department of Health and Human Services was asked to develop regulations for the use of electronic transaction standards, security, privacy, and uniform identification numbers for physicians, health plans, purchasers of health care and so on. Some of these regulations are published, while some are still in draft form.
The health care industry is steadily moving to electronic-based patient records and the delivery of health care information over computer networks, and the use of those networks has heightened concern about the security of that information. Since networking technology is becoming more common with every passing day, it has also become necessary to implement safeguards to protect the privacy of patient data by building adequate security technology into network infrastructures. According to Cisco Systems, the health care industry has the highest percentage of Internet vulnerabilities. For example, the vulnerability found in health care Web servers is 61.07%, whereas in other industries it is only 27.37%, which is an alarming situation for the health care industry. According to Cisco experts, this vulnerability has occurred due to the sharing of information. The health care industry was very apprehensive about network security, and now the government has understood the importance of protecting patients’ privacy and has developed health care privacy and security legislation.
The Health Insurance Portability and Accountability Act of 1996 proposes a set of standards and tries to regulate the electronic interchange of health information. It also protects the confidentiality and security of electronic health information. Virtually all segments of health care are covered by this legislation, as is any health care information that is transmitted electronically. One of the main purposes of HIPAA is to help Congress and the US Department of Health and Human Services develop and enact regulations regarding the maintenance and transmission of health information regarding every patient.
It is almost impossible to integrate all the components of security, such as administrative procedures, physical safeguards and technical security services. HIPAA gave a somewhat new definition of the security system:
1. The standard should be scalable; in other words, health care entities of all sizes should be able to comply with it.
2. The standard should be comprehensive, i.e. the security system should act as a unified system rather than as piecemeal products that do not communicate with each other.
3. The standard should be technology-neutral, i.e. no specific security technology should be referenced or advocated, keeping in mind that technology is constantly evolving.
To protect the reliability, privacy and availability of electronic health data, HIPAA recommends several requirements that should be incorporated in the final health care security standard.
According to HIPAA, first preference should be given to administrative procedures. Personnel should receive proper training in the security measures that protect data and in their own conduct in relation to the protection of data. Access to computer systems and facilities should be denied to any unauthorized person. Locks, keys and administrative measures should be employed. Security measures should also be in place to protect equipment from fire, environmental hazards and physical intrusion.
The health care industry's steady move to electronic-based patient records and the delivery of health care information using computer networks has heightened concerns about the security of that information. With the proliferation of networking technology in health care, the need to implement safeguards to protect the privacy of patient data is paramount. However, many health care organizations have been reluctant to incorporate adequate security technology into their network infrastructures. According to observations made by Cisco Systems security consultants while conducting security posture assessments of health care organizations, the health care industry has the highest percentage of Internet vulnerabilities. For example, health care Web servers are found vulnerable 61.07 percent of the time, while the average throughout other industries is 27.37 percent. The Cisco consultants noted the common concern among health care organizations that security presents obstacles to sharing information.
Network technologies have brought many capabilities to the health care industry. They have helped enhance services and have made possible greater access to information and a higher level of availability. As a result, customers have found increased satisfaction. Other industries have readily adopted internetworking technologies, but the health care industry can be cited as a prime example of one that has benefited from this technology.
Electronic health, or e-health, has become very popular in recent days. Health care organizations have found that the use of computer networking improves the efficiency of their operations. This technology has for the first time given physicians the ability to practice medicine remotely and to assess patients in isolated locations via the Internet. This kind of treatment is called telemedicine. Since all data and conditions have to travel from one end to the other, complete secrecy is required. Through the application of HIPAA, such fear will not arise, and all the data of the patient will be held in safe technology that no one will be able to break.
Information technology has proved its worth and has shown its potential for improving health care in the United States. The equipment, meaning the hardware and software, is not so costly that a hospital would find it difficult to fit into its budget. A fully loaded computer, an Internet connection and software to run the health program are needed. The main task is to protect the patients' records, which will be transmitted from one computer to another and from one doctor to another. After the patients' records are digitized, this information is linked to the Internet. Physicians, nurses, dieticians, pharmacists and other users in different parts of the country or even the world can then easily retrieve it. Sometimes a small piece of information becomes so critical that a patient's life is saved because of it.
When medical records and information technology meet, a very big question of privacy arises. If a record falls into the wrong hands, what would happen to the patient? How can we keep the records safe from hackers? Quality health care depends on quality information, and the procurement of information is becoming riskier every day.
We know that every problem has a solution; it might be complete or incomplete, but there is still hope. On the technical side, health care organizations can use security technologies such as passwords, access controls, firewalls and encryption. These will protect data that is stored in enterprise computers. To be on the safe side, their staff should be trained so that they understand the use of security technologies.