HCR/220 Week 9 Final Project: How HIPAA Violations Affect the Medical Billing Process

The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information to carry out their public health mission. The privact rule also recognizes that public health reports made by covered entities are an important means of identifying threats to the health and safety of the public at large, as well as individuals. Accordingly, the privacy rule permits covered entities to disclose protected health information without authorization for specified public health purposes ( U.S. Dept. of Health and Human Services (HHS), 2003). HIPAA is known for its privacy and security rules that protect the privacy of individual's health related information and regulate who has access to a patient's confidential medical information. HIPAA affects the billing process by making sure that patient demographics are accurate and kept confidential. According to U.S. Dept of Health & Human Services (HHS), the HIPAA law acts as a safeguard of a patient's medical and health information in many forms. Furthermore, the law requires that anyone with access to a patient's health information must put in place of system to ensure its protection along with links of the chain of responsibility (2003). In the patients file there should be an authorization to allow a practice to use the confidential information and to bill that patient information to carrier for services. Without this authorization on file the practice may not release or disclose any patient information regarding any treatment that this patient has had and therefore will not be able to seek reimbursement from the payer (Valerius, Bayes, Newby, & Seggern, 2008). A patients medical records, the progress notes, reports and other clinical materials are legal documents that belong to the provider who created them but the provider cannot withhold the information in the records unless providing it would be detrimental to the patients health. This information belongs to the patient.

Medical insurance specialist handles issues such as requests for information from patient records, as they are trained to know what information can be released about patients conditions and treatments. What information can be legally shared with other providers and health plans and what information must the patient specifically authorize to be released (Valerius, Bayes, Newby, & Seggern, 2008). HIV and AIDS information is more sensitive than other types of health conditions because patients actually do not seek medical attention for fear of breach in confidentiality. This fear directly affects their health because they are not seeking treatment for the illness they have. HIV and AIDS is a sensitive subject considering the virus occurs more times than often resulting from a personal decision. Health care professionals should be empathetic and always remember professionalism is extreme essential when working with an individual diagnosed with HIV/AIDS. There's a lot of discrimination that arise associated with the disease. Therefore, on the behalf of patient confidentiality, laws and policies have been set into action to prevent unlawful use of patient information and to secure the trust of our healthcare system. Therefore, organizations involved with HIV care are aware of the need to protect confidentiality of those individuals receiving services. Accordingly, HIPAA has put into place rules and regulations with civil and criminal penalties to ensure confidentiality and the rights of individuals are protected. While HIPPA does not separately address HIV/AIDS patient information, individuals are still protected under the general guidelines regarding release of any health information including HIV status. Advocates encourage individuals to embrace this opportunity to use HIPAA as a way to discuss confidentiality with their healthcare professionals to know when information is being shared with others and why it is being done. This allows you to understand your rights and impact how your information is being protected. Not only does HIPAA have privacy regulations, it also has security rules that came into effect on April 21, 2005. The privacy regulations and security rules are the only national set of regulations that administers the use and disclosure of private, confidential, and susceptible information . Additionally, the most significant required safeguard under HIPAA are the

Sanction Policy and Security Awareness Training. The sanction policy requires a communication to all employees regarding disciplinary action that will be taken by the covered entity for violations of HIPAA. Moreover, the security awareness training standard requires all employees, agents and contractors to participate in information security awareness training programs based on job responsibilities, as the program focuses on issues regarding use of health information and responsibilities regarding confidentiality and security (Amaguin, 2011). As long as HIPAA exists, the privacy of every patients medical information including any information about HIV and AIDS will be protected and information will remain confidential. HIPAA attempts to address some of the barriers to healthcare coverage and related job mobility impediments facing people with HIV as well as other vulnerable populations. HIPAA has three main goals. The first is to provide persons with group coverage new protections from discriminatory treatment. The second is to enable small groups, such as businesses with a small number of employees to obtain and keep health insurance coverage more easily. The third is to give persons losing or leaving group coverage new options for obtaining individual coverage (Center of Disease & Control (CDC), 2011). These laws provides several protections important to people with HIV/AIDS such as limits but does not elimate the use of pre-existing condition exclusions, prohibits group health plans from discriminating by denying you coverage or charging additional fees for coverage based on an employee's family member's past or present poor health, guarantees certain small employers, and certain individuals who lose job-related coverage, the right to purchase individual health insurance and guarantees, in most cases, that employers or individuals who purchase health insurance can renew the coverage regardless of any health conditions of individuals covered under the insurance policy (CDC, 2011). HIPAA is overseen by the Office of Civil Rights which handles investigation of complaints and enforcement of the law. If a patient suspects that their privacy has been violated, they should file a

complaint with the OCR in writing, e-mail or fax with the name of the organization suspected of the violation and the the nature of the alleged violation (HHS,2003). Once a complain of HIPAA violation is filed an investigation begins, which the OCR gathers evidence and information from both sides to see if there is a claim to file a complaint. If the organization is found to be in violation, the OCR will take the necessary actions against the organization, which can be criminal and is referred to the Department of Justice (HHS,2003). In health care ethics should be about making commitment towards positive values to help with the well being of the individuals, which is why they must have rules and regulations in place so that people can be prevented from any kind of harm and so that they can live a healthy lifestyle. Ethics promotes education and training to assist individuals to develop the skills needed to compete and to achieve the response for moral action. Furthermore, federal law imposes statutory burdens on health care providers to protect against improper use or disclosure of private health information and to reasonably limit uses and disclosures to minimum necessary to accomplish their intend purposes (Amaguin, 2011). There are a few legal ramifications of improper information disclosure which the U.S. Department of Justice has clarified that there are a few penalties that may be assessed and whom these penalties may be against for these violations. Covered facilities and persons whom "intentionally" attain or disclose individually identifiable health information in violation of HIPAA may be fined up to $50,000, as well as imprisonment up to one year (Amaguin, 2011). Offenses committed under insincere or feigned behavior allow penalties to be increased to a $100,000 fine, with up to five years in prison (Amaguin, 2011). Finally, offenses committed with the intention to sell, transfer or use individually identifiable health information for commercial advantages, personal gain or malicious harm permits fines of $250,000 and imprisonment for up to ten years (Amaguin, 2011). Health care providers should review their privacy and HIPAA policies and conduct an audit of their practice in order to protect against improper use and disclosure of private health information and to reduce the risk of privacy breaches, as adhering and demonstrating to the regulations of HIPAA makes

sure that all the safeguards have been implemented. References: Amaguin, R.(2011). HIPPA Law Protects Against Improper Disclosure of Health Information by Health Care Providers. Retrieved from http://www.amaguinlaw.com. Center of Disease and Control (CDC) (2011) HIPPA: HIV & AIDS Laws and Policy. Retrieved from http://www.hivatwork.org/law/hipaa.cfm. U.S. Dept of Health & Human Services (HHS). (2003) Understanding HIPPA Laws and Regulations. Retrieved from http://www.hhs.gov/policies/index.html. Valerius, J., Bayes, N., Newby, C., & Seggern, J. (2008). Medical insurance: An integrated claims process approach (3rd ed.). Boston: McGraw-Hill.