Final Project Two Milestone TwoKaty AcreeSouthern New Hampshire UniversityIHP 501 Global Health and DiversityJuly 26, 2020
IntroductionPolicyHealthcare delivery is rapidly changing into an electronic based service. According to the CDC, as of 2017, 85.9% of physicians in the United States are using some type of an electronic medical record, or EMR (CDC, 2017). Technology is evolving which allows providers and healthcare systems to provide better and more efficient care. Patients now have greater access to their medical information than ever before. With this evolution in technology comes the need for greater security to protect a patients’ private medical information. In 1996 it became clear to Congress that “advances in electronic technology could erode the privacy of health information” and provisions were needed to protect the privacy of a patients’ healthcare information (HHS, 2017). With that thought in mind the Health Insurance Portability and Accountability Act (HIPAA) was created which set the standard for the protection of “individually identifiable health information” (HHS, 2017). “Individually identifiable health information” is defined as demographic information that relates to a patient’s previous, current, or future physical or mental health condition, and the type of care provided. In addition, it includes any common identifiers like name, date of birth, or social security number (HHS, 2013).HIPPA began in 1996 with a public law which included provisions that required the Departmentof Health and Human Services (HHS) to adopt specific standards for security and health identification. In 2000, the final Privacy Rule was published with modifications occurring in 2002. The rule set the standard that both health plans and health providers had the obligation to protect the individually identifiable health information of a patient. In 2003, a final Security Rule was passed which protected the “confidentiality, integrity, and availability of electronic protected health information” (HHS, 2017). It was required that all plans and providers comply with this rule by April 20, 2005.
Another piece of patient privacy and security that goes along with HIPAA is the Health Information Technology for Economic and Clinical Health Act or HITECH. HITECH places emphasis on privacy and security. It changed the relationship between payers, patients, and healthcare organizations by “focusing on the implementation and use of health information technology” (Burde, 2011). The HITECH act applies financial penalties to those violations of HIPAA. It creates “four categories of violations that reflect increased levels of culpability; four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation and; a maximum penalty amount of $1.5 million for all violations of an identical provision” (HHS, 2017). Prior to 2008, only 10% of providers had adopted an electronic health records (EHR) system. The HITECH Act encouraged providers to implement an EHR which provided increased security protections for personalhealth information. A financial incentive was offered to those who would be implementing an EHR