The HIPAA policy was established with the main intention of ensuring that patient data are protected. Unfortunately, many organizations do not know that violations of the HIPAA policy can have far-reaching implications. Organizations should ensure full compliance with the policy. This paper focuses extensively on the UCLAHS case.
Summary of the Case
After a serious investigation by the HHS, the UCLAHS agreed to compensate for the violations of the HIPAA privacy rules. The University of California at Los Angeles Health System was fined 865000 dollars for the violations that it committed (HIPAA, 2011). In addition to the payment of the fines, the facility also agreed to commit itself to a corrective action plan that will help in addressing the gaps in compliance with the rules (Klein, 2011).
The complainants revealed that the employees of the facility had access to the electronic health records of the patients without the patients' consent. The investigations that were carried out by the Office of Civil Rights revealed that between 2005 and 2008, employees who were not authorized to view patient data accessed the health data of many patients who visited the facility to seek healthcare (Klein, 2011). These actions were against the HIPAA regulations, which require that an organization restrict the access of any unauthorized person to patient health records (Office of Civil Rights). The facility failed to observe HIPAA regulations since it neither sanctioned the employees found guilty nor restricted access to patient data to authorized personnel only (Terry, 2011).
Organizations that are covered must take the responsibility for the actions of their employees. Due to the passed liability that health facilities have, it is imperative to conduct audit trails and training so as to ensure that the guidelines are followed (Terry, 2011).
In April 2008, it was revealed that the violations had occurred in three hospitals, which disclosed that some employees had accessed the patient health records of celebrities such as Maria Shriver and Tom Cruise (Terry, 2011). At the time when the violations were disclosed in 2008, the California Parliament passed a law that would see hospitals pay hefty fines if they were found to have committed violations of HIPAA policy and privacy. The state had fined the facility 95000 dollars in 2009 due to the unauthorized access of the medical records of Michael Jackson (HIPAA, 2011).
The facility agreed to put in place security mechanisms and privacy policies that would make it hard for unauthorized people to gain access to patient data (Klein, 2011). The facility also agreed to train its employees so as to acquaint them with some of the violations. The facility gave an assurance that it will take serious action against any employee who violates the privacy rules (HIPAA, 2011). An independent monitoring procedure will also be implemented as a way of providing full compliance with the HIPAA policy (Office of Civil Rights n.d.). All the entities that are covered by the HIPAA regulations should realize that HIPAA provisions are strictly followed.
Specific HIPAA Privacy and Security Rules
In the above case, there were many violations of the HIPAA rules on privacy and security. First, there was a breach of the privacy and confidentiality provision. The HIPAA policy requires that all identifiable information is protected from unauthorized access (Terry, 2011). In the case under discussion, the employees had access to information that was identifiable to some individuals, and this was a total breach of the privacy and confidentiality provision of the HIPAA policy (HIPAA, 2011). In addition, the organization had breached the privacy rules by failing to come up with the right measures that would ensure that personally identifiable information was not available to individuals who were not authorized (HIPAA, 2011).
Some of the security rules were also violated. The organization failed to implement strong physical and technical measures that would ensure that patient data are protected. According to the HIPAA rule, the organization must implement access control measures that ensure that the data can be known only by authorized individuals. Also, there was a security breach of availability (HIPAA, 2011). The institution should follow the security guidelines so as to ensure that data integrity and availability are upheld (Office of Civil Rights n.d.).
After the ruling, the UCLA health system was forced to pay a fine of $865,000. Besides, the facility was also expected to adopt a corrective action that would help it to cope with such challenges (Brzezinski, 2012). The organization agreed to train its members and also promised to develop a monitoring system that would ensure that there is full compliance. I feel that the penalties that were imposed in the above case were not sufficient for such a violation (Terry, 2011). The fact that the organization had already failed in its mandate to protect the integrity and privacy of the customer data was a good reason to impose heavy penalties. Additionally, compared with other cases, such as the CVS Caremark, the health care facility suffered more than two million dollars penalties. I feel that the penalties were not sufficient at all (Trinckes, 2013).
Understanding of HIPAA
HIPAA is a rule set with the main intention of protecting patient health information. The rule should ensure that electronically transmitted information is protected (Office of Civil Rights n.d.). It provides that personally identifiable information is protected from unauthorized access by the covered entities (Trinckes, 2013). Although the rule aims at protecting access to patient information, it also ensures that there is a smooth flow of patient data in the organization. Furthermore, it guarantees patients the right to access their health records (Brzezinski, 2012). It allows patients to request alterations as well as obtain a copy of their records.