Why is HIPAA necessary?

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, has far-reaching implications for patient privacy across the healthcare sector. Primarily, it is concerned with protecting patient privacy. It does this through a variety of means: HIPAA requires that all healthcare staff, and any other staff members who may come into contact with private data, undergo HIPAA compliance training. This both raises the profile of patient privacy within an organisation and ensures that all staff know what is required of them to be HIPAA-compliant. HIPAA also requires that all data is password-protected, so that only those authorized to access it can do so. It further requires that all data is sufficiently encrypted that, if a breach does occur, those who have stolen the data cannot read it.

Data privacy has received a lot of media attention lately, so it will come as little surprise to some that there is such a focus on healthcare privacy. Others, however, might be unaware of the scale of the threat: healthcare data is highly prized amongst cybercriminals because it has a longer “shelf life” than other types of data. Credit-card fraud is common, but it can be remedied relatively quickly by canceling the compromised card numbers. If a social security number has been stolen, on the other hand, it is much harder to prove fraud and then request a replacement. As a result, in recent years more and more cybercriminals have chosen to attack healthcare databases. The data taken from these medical files can be used in a wide range of criminal activities, such as setting up fake identities or making fraudulent health insurance claims.

But cybercriminals are not the only threat to data integrity: human error also has its role to play. It is almost inevitable that staff will make mistakes from time to time, but these mistakes can have potentially dangerous consequences for patients if they involve the unauthorized disclosure of healthcare information. Many hospital staff now choose to bring their own portable electronic devices to work and use them as part of their daily workflow. Unfortunately, though it is rare, these devices may be lost or stolen. However, because HIPAA requires that all patient data is password-protected or encrypted, such losses pose less of a threat to the data itself.

HIPAA is also necessary to safeguard other patient rights. Under HIPAA, all patients have the right to access their personal medical records. The act requires not only that all requests to access medical records are acted upon without undue delay, but also that they are acted upon regardless of whether or not the patient has outstanding medical bills. This ensures that there is no disparity in access based on wealth. Patients can also request that changes be noted on their medical record. Any change must be approved by a healthcare professional, though if the patient and the healthcare worker disagree, the disagreement itself can still be noted. Patients can also request that their healthcare data be sent on to anyone of their choosing, including other healthcare professionals.