Hippa And Data Breaches - Legal

Read Complete Research Material



HIPPA and Data Breaches - LEGAL



HIPPA and Data Breaches - LEGAL

Introduction

HIPAA means Health Insurance Portability and Accountability Act. It is a law that was legislated by the U.S. government to provide protection to the privacy of patients and to create uniform standards in the distribution and transfer of patient information. The law also aims to ensure that all people have access to quality health care and insurance coverage. HIPAA established new standards for the transfer and dissemination of patient information between health care providers and between providers and health insurance companies (Steinberg, 2009). Since the standards have been established, it is very important for health care providers and insurance companies to be well versed in them.

Discussion

HIPAA allows the disclosure of minimum amount of health data for a business partner to complete his work. The minimal disclosure relates to personal health information for health care treatment or payment, and operations (Figge, 2011). Treatment includes the coordination and management of health services. The payment includes insurance eligibility and determination, as well as administrative or financial measures for businesses.

Legal issue

A renowned pharmaceutical company 'CVS Caremark' had a lawsuit filed against by six independent pharmacies in Texas back in the year 2009. The pharmacy chain was charged with fraudulent practices under the federal RICO law. The pharmacy was also penalized for the embezzlement of trade secret and infringements of the HIPAA privacy rule. It was in early 2009 only that the CVS Caremark's pharmacy unit agreed for paying $2.25 million fine along with the establishment of remedial action plans which has to be followed according to federal government investigation of impending violations of HIPPA.

The claimants of the suit were members of American Pharmacies. It is a wholesale buying organization based in Texas. The allegation was that Woonsocket, R.I.-based CVS Caremark was violating HIPPA rules by a Federal Trade Commission-mandated firewall between its business units and pharmacy community. It was claimed that CVS Caremark has given all information to business segments so that they can use them for their marketing purpose. This is a practical example of violating HIPPA rule of privacy and security. Due to such incidents, patients do not choose pharmacy (Figge, 2011).

The main allegations also included that CVS Caremark was using information related to individual patients and their pharmacy specific data. All of this was carried out by contacting patients directly either by phone calls or mails. They had not only been inquiring patients about their pharmaceutical data but also persuading them to consume their products instead of other companies. The patients were advised to change their prescriptions and adopt new medicines by CVS Caremark. They had used electronic data management system which collected and recorded patient's information. CVS tried to answer that they had not done anything against the law however, their practices had clearly violated the HIPPA rules (Figge, 2011).

In the end, the CVS pharmacy settled this charge against them by paying a fine of 2.25 million dollars and entering into the agreement with the HHS Office for Civil ...