Posted: August 4th, 2022
Examination of Health care Laws
EXAMINATION OF HEALTHCARE LAWS: HIPAA LAWS
Please use textbook as reference
Pozgar, G. (2019). Legal Aspects of Health Care Administration. Burlington, MA: Jones & Bartlett Learning.
20 Oct 2020 14:19
First, review these health care laws:
Stark Law.
HIPAA for Professionals.
HITECH Act Enforcement Interim Final Rule.
Emergency Medical Treatment & Labor Act (EMTALA).
A Roadmap for New Physicians: Fraud & Abuse Laws; Anti-Kickback Statute.
The Genetic Information Nondiscrimination Act of 2008.
Second, you pick one of the health laws to examine, which is why there are links below (in the assignment) to the laws.
Third, imagine you work as an administrator in a hospital or health care organization. You are being considered for a promotion and are being asked to prepare a report for senior leadership that demonstrates your knowledge and interpretation of one of the above-mentioned health care laws.
To complete this report, select a court case. You will have to do some research on the Internet to locate a court case in the US related to the law that you have selected. For example, if you pick HIPAA, you could locate a case where patient data was breached, such as: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/new-york-and-presbyterian-hospital/index.html.
You should divide the paper into these 5 headings using bold type so it is clear where you have covered this information:
Analyze a court case where a health care law violation occurred.
Analyze the health care law that was violated in the selected case.
Evaluate the implications of the selected law on the health care system.
Recommend how the hospital should protect against another violation.
Support your thesis statement following the SESC formula (State, Explain, Support, and Conclude).
Paper should have a title page, the 5 sections, and a reference page with at least 3-4 peer-reviewed scholarly references in APA format. You should use in-text APA citations throughout the paper and proofread carefully for grammar errors. The entire paper should be 4-6 pages from title page to reference page; so, basically 1 page for each of the 5 elements with a title page and a ref page.
The Blue Cross Blue Shield of Tennessee Data Loss
Unwarranted exposure of private information remains one of the most alarming and most likely sources of conflict between a patient and their institution of care. The privacy of patients’ documents remains as important as the medical care the hospital gives them. Therefore, privacy violations are as unprofessional as any other aspect of irresponsible caregiving within the medical field. HIPAA, a law on privacy and security standards, has several important requirements for reducing and addressing breaches. In 2012, Blue Cross Blue Shield of Tennessee (BCBST) was discovered to have had over 57 unencrypted computers containing patients’ Protected Health Information (PHI) compromised. As such, over 1 million documents had been lost or stolen from the institution’s storage facilities.
PHI under the HIPAA law is identifiable patient health information that is stored, maintained, and used under HIPAA guidelines. This information constitutes personal data, and if compromised, it might be used to harm the patient’s financial and physical well-being (Pozgar, 2019). BCBST was deemed to be in direct violation of the 2009 stimulus bill. This regulation placed additional responsibilities, including financial accountability, on third parties with access to patient information to protect it. By depriving patients of access to and direct control over their medical records and placing patients at risk by failing to protect their private healthcare information, BCBST was held liable before the law.
Further research identifies that the regulators at the Office for Civil Rights (OCR) cited BCBST as slow to notify the OCR of the data breach. Additionally, BCBST was not transparent in reporting the breach. Its investigation was not documented widely and accurately enough to bring forth the root cause of the problem in the immediate aftermath of the breach (BakerHostetler, 2012). Key findings identify that there were several gaps and negligent conduct within the BCBST compliance program. Rodriguez, the director of the HHS Office for Civil Rights, stated that had the gaps in employee training on up-to-date HIPAA guidelines for handling confidential documents been addressed, the breach would not have occurred (HHS).
In the aftermath of the investigation, it was revealed that some of the information exposed to potential fraudsters and others likely to take advantage of the loss of patients’ records included Social Security information, dates of birth, health plan numbers, contact information, and medical diagnosis codes. BakerHostetler (2012) identifies that BCBST had not encrypted the majority of the files. Still, BCBST stated that it had identified the significant number of patients put at risk and that corrective actions were taken to inform them. In this regard, the key areas of the breach revolved around a lack of compliance with guidelines and a slow response to a critical loss of data, implying a general lack of security for patient documents.
HIPAA Violations
Healthcare providers use PHI documents. They are important because they help assess patients’ health and create a comprehensive health plan for the health insurer. They can also be used by the patient when forming various business or financial associations. Loss of these documents was thus an extreme violation of the HIPAA law, since it compromised the security and privacy of the patients’ medical records. Pickering (2003) identifies that the goal of the HIPAA laws, among others, is to implement privacy policies and procedures and to establish security and integrity protection for important health information. Depriving patients of their right to use and control their medical information also directly violated the 2009 stimulus bill, which set out and implemented the requirements for addressing breaches.
Under HIPAA, the privacy of patient information is paramount. Clients are given the right to inspect their records, get a copy, and request correction of the data. Disclosing their information or divulging it outside the covered health care component requires authorization or must be only for treatment, healthcare operations, or payment (Hecker and Edwards, 2014). Reports identified that lack of compliance with basic HIPAA laws cost BCBST 1.5 million dollars. Nicastro (2012) identifies that “the health insurer agreed to a $1.5 million settlement with the Office for Civil Rights (OCR) over potential HIPAA security violations and spent another $17 million in breach response costs.” The basic requirements under the HIPAA law include policy mastering and implementation, training of staff with direct access to customer PHI, regular monitoring, and the conducting of risk assessments. BakerHostetler (2012) identifies that BCBST had not even encrypted a considerable amount of the PHI and tasked 800 of its employees with conducting the encryption process.
The implication of HIPAA Laws
The Health Insurance Portability and Accountability Act (HIPAA) is mostly associated with a patient’s privacy. The provisions under the law are meant to maintain the integrity of a patient’s data and ensure that its confidentiality is maintained, preventing harm from third-party access (Pozgar, 2019). Miller and Schlatter (2011) identify that under the law, the covered entity has the most power over how their information can be disclosed, most often requiring a written authorization. Covered entities can share their PHI in circumstances where they require treatment. The receiving entity is required to maintain and follow HIPAA regulations and standards in using the documents.
The U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) work together to enforce HIPAA laws (Pozgar, 2019). Moran et al. (2004) identify that the OCR has the power to receive and investigate complaints against any covered entity on issues surrounding the privacy rule. Ziel (2004) identifies that HIPAA privacy regulation requires covered entities to implement the administrative, technical, and physical safeguards necessary to protect patient information. These policies work to protect and control the access, removal, and storage of a patient’s PHI. They also dictate who, when, what, why, and how the data can be accessed. All processes involving the patient need to be communicated to them in writing unless the patient has given express permission regarding their data.
Recommend how the hospital should protect against another violation.
HIPAA security requirements, in this case, revolved around training employees to familiarize them with the updated guidelines and additional regular monitoring of the general systems to identify problems. The safeguards fell under three categories: administrative, to ensure training and regular assessment; technical, which included encryption of the documents; and physical, which included surprise monitoring and limiting access to PHI relative to the amount of training offered to employees. HIPAA identified a need for the development and implementation of policies and procedures that incorporate risk assessment and a risk management plan (Moran et al., 2004). BCBST was to maintain an elaborate list that highlights access to and control of the facilities where documents are stored and to incorporate physical safeguards that give additional oversight to the software protocols governing the storage of media files.
Regular training was also a requirement for all employees with access to the ePHI files. Pearl (2014) identifies that the HIPAA law in this context required surprise visits to ensure that all protocols and procedures were always followed. This was to apply to all third-party facilities, together with an evaluation program that sampled all training, policy, and procedure implementation processes for all employees with access to the ePHI. This was to be used to enforce and monitor the recovery process at the BCBST electronic storage facilities responsible for the oversight and management of patient PHI.
Conclusion
HIPAA laws provide privacy safeguards to patient information, often controlling how third party entities use patient data. They are created to ensure that the patient provides consent to the use of their data. Companies that require the patient’s data are required to fulfill certain preconditions and maintain certain safeguards to prevent the loss of access to patient information without the patient’s authorization. Failure to offer adequate protection may result in litigation against the company.
References
BakerHostetler. (2012). HIPAA: HHS settles violations related to breach for $1.5m | Lexology. Retrieved January 13, 2020, from https://www.lexology.com/library/detail.aspx?g=3b829226-2cd6-4599-a982-38f95c456c3f
Hecker, L., & Edwards, A. (2014). The Impact of HIPAA and HITECH: New Standards for Confidentiality, Security, and Documentation for Marriage and Family Therapists. American Journal of Family Therapy, 42(2), 95–113. https://doi-org.sbcc.idm.oclc.org/10.1080/01926187.2013.792711
Miller, R., & Schlatter, T. (2011). NAVIGATING HIPAA IN CLAIMS LITIGATION. GPSolo, 28(6), 26-27. Retrieved October 23, 2020, from http://www.jstor.org.idm.oclc.org/stable/23630426
Moran, M., Holloman, S., Kassler, W., & Dozier, B. (2004). Living With the HIPAA Privacy Rule. Journal of Law, Medicine & Ethics, 32(4), 73–76. https://doi-org.sbcc.idm.oclc.org/10.1111/j.1748-720X.2004.tb00193.x
Nicastro, D. (2012). Experts: Lack of HIPAA basics cost BCBST $18.5 million – www.hcpro.com. Retrieved January 13, 2020, from http://www.hcpro.com/HOM-277726-6962/Experts-Lack-of-HIPAA-basics-cost-BCBST-185-million.html
Pearl, S. (2014). HIPAA: CAUGHT IN THE CROSSFIRE. Duke Law Journal, 64(3), 559-604. Retrieved October 23, 2020, from http://www.jstor.org.idm.oclc.org/stable/24691898
Pozgar, G. (2019). Legal Aspects of Health Care Administration. Burlington, MA: Jones & Bartlett Learning.
Pickering, C. F. (2003). HIPAA Privacy and Security: Developing a Culture of Privacy. Journal of Controversial Medical Claims, 10(3), 14–21.
Ziel, S. E. (2004). Guard against HIPAA violations. Nursing Management, 35(4), 26–27. https://doi-org.sbcc.idm.oclc.org/10.1097/00006247-200404000-00009