CRIMINAL LAW/CIVIL LAW

Criminal Law/Civil Law

Criminal Law/Civil Law

Introduction

HIPAA refers to a federal statute, the Health Insurance Portability and Accountability Act, passed by Congress in 1996. Prior to the enactment of HIPAA and its Privacy Rule, confidentiality of health care information, protected by a patchwork of state statutes; the common law right to privacy, enforced by tort actions for invasion of privacy; and the ethical requirements of confidentiality assumed by all health care professionals, violations of which could lead to discipline imposed by state licensing boards. However, there were numerous and recurring reports of confidentiality breaches. Care recipients have the right to object to some of the uses of protected health information: inclusion in the institution's directory information and disclosure of information to the other person. They are required to be given a “Notice of Privacy Practice” by health care providers and sign a document that they have received the notice (Pozgar, 2007). In this paper, we will discuss the role of Health Insurance Portability and Accountability Act, with reference to the practices followed by Health care Providers. For this purpose, we will examine a case of a doctor who has shared the patients' private medical records to a friend for advice. We are requires to evaluate whether there has been a violation of the Health Insurance Portability and Accountability Act (HIPAA), If the doctor is in violation of HIPAA, might he be subject to criminal prosecution and, if found guilty, what penalties might he face.

Discussion & Analysis

In order to understand whether the practice of sharing patient's information with a friend is a violation of HIPAA or not, we first need to understand the practices that are adjudicated as a violation and the rules and privacy policies made under the Health Insurance Portability and Accountability Act. The principal goal of HIPAA was to allow portability of health insurance. That is to permit employees to take their health coverage with them when they change employers. The law contained several other provisions related to health care, however, the most notable being one related to privacy of health information. The statute created the authority for extensive regulations in three areas. First, it mandated regulations creating a national standard for health care privacy, applying to all health care providers that transmit information electronically. The second area was electronic and computer security. Rules developed that created consistent standards for all computers that contain information that is identifiable and relates to a person's health or medical treatment. The third area relates to the processing of medical claims for payment. This requires the use of a uniform set of identifiers and transaction codes for all providers and health insurers in processing claims for reimbursement. This area intended to achieve greater efficiency and cost-effectiveness in the processing of health care claims. During the development of the HIPAA legislation, congressional hearings held, and extensive comment received by Congress on the subject of privacy of patient care information. In the hearings, individuals testified about problems they had experienced when information about their health ...