HIPAA Rocks!

HIPAA was built around five basic principles:

• First and foremost, health information (PHI) should be used for healthcare purposes.  It should be easy to use for healthcare purposes, and difficult for other purposes. Those who receive health information (PHI) must take real and reasonable steps to safeguard it, ensuring that it is not improperly used.
• The second principle is that technical security safeguards must be used to protect computerized health information (PHI). This includes audit trails showing who accessed the data and the tracking of any improper use of the information.
• The third principle is the patient's right to access of their own information.  They should have the right to inspect, copy, and if needed, to correct it.
• The fourth principle is accountability.  Criminal penalties or fines and imprisonment can be imposed on those who have breached the security and protection of health information (PHI).  The penalties for violation are higher for those acts that are committed for monetary gain.
• The fifth principle is public responsibility.  There must be a balance between protections of personal privacy against national health and safety or law enforcement priorities. 

If you have any doubt that there is a need for comprehensive federal legislation to protect the individual's right to privacy of their health information, here are some additional statistics to consider.
 

A Gallup Poll taken before the implementation of HIPAA reported the following: 

• 77% of Americans feel their health information privacy is very important.
• 84% said they were very concerned that their health information when computerized might be available to others without their consent.
• Only 7% said they are willing to store or transmit their personal information over the Internet, and only 8% said they felt a website could be trusted with this information.
• 90% said they trusted their doctor to keep their information private and secure, 66% trusted a hospital, 42% trusted an insurance company, and 35% trusted a managed care company to do the same.

If patients do not trust the healthcare system, some may never seek treatment, others may not give complete information, and there will be some who will ask their doctor not to document their actual condition or history to avoid having it entered in their record.  This lack of trust and confidence in the healthcare system means that health information may not be complete or accurate and that conditions may go undetected or untreated.  Undoubtedly, the result of this could mean that the quality of the healthcare services provided to them will be compromised. 
 

As consumers of healthcare services, we should all welcome this high level of discretion and confidentiality for our personal health information and for our family's health information.  HIPAA rocks!