As an individual who has both worked for and been a patient of many healthcare organizations, I have very much come to appreciate the Title II regulations of the Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA. Throughout my years of involvement in the healthcare industry, I have always felt that HIPAA was an extremely important government regulation of the healthcare industry, as it provides clear compliance guidelines for businesses, and greatly benefits individuals as well as society.
Title II of HIPAA became the first legislation of its kind to provide privacy and security provisions for health information (ADEC, 2018). It also outlined numerous offenses relating to healthcare, enacted civil and criminal penalties for violations, and created several programs to control fraud and abuse within the United States healthcare system. Title II includes a number of rules called Administrative Simplification (AS) regarding privacy and security. Title II also required the Department of Health and Human Services (HHS) to increase the efficiency of the United States healthcare system by creating standards for the use and propagation of healthcare information. Such rules apply to what HIPAA and HHS define as “covered entities”, which include health plans, healthcare clearinghouses, and healthcare providers that transmit healthcare data in a way regulated by HIPAA (U.S. Department of Health & Human Services Office for Civil Rights, 2017). Essentially, all healthcare entities and organizations that use, store, maintain or transmit patient health information are expected to be in full compliance with the regulations of the HIPAA law (Datica Health, n.d.).
According to Datica Health, when fully adhered to, HIPAA regulations not only ensure privacy, reduce fraudulent activity, and improve data systems, but are estimated to save providers billions of dollars each year. By being aware of and preventing security risks that could result in significant compliance costs, organizations can focus on growing their profits instead of fearing potential audit fines (Datica Health, n.d.).
HIPAA from a Business Perspective
To learn more about this, I asked the owner of a small, independent pharmacy I worked at about his views of HIPAA from a business perspective. He replied, “With the law in place, organizations can have systemized and effective standard operating procedures that maintain the privacy of patient information. Historically, most organizations dealing with patient health information would maintain patient privacy as a matter of good business practices. With the passing of HIPAA in 1996, rules and regulations of what could and could not be disclosed became clearer and this easier to maintain.” His response shows how the HIPAA regulations are beneficial to business, and are more than just a bothersome set of rules for businesses to adhere to. Furthermore, his response highlights the importance of ethical business practices in healthcare and corporate social responsibility, since many organizations, such as his, already maintained privacy as “a matter of good business practices”. This speaks to the textbook concepts that society expects businesses to be socially responsible, and that being socially responsible is in the best long-term self-interest of business and increases the value and reputation of business. Additionally, since his business was already maintaining privacy, HIPAA regulations only made this easier by providing clear guidelines. Because of this, his business practices did not have to greatly change to comply with government regulations. His self-regulation meant that government regulation was not a massive burden to the business.
Since much of the literature surrounding HIPAA seems complex, technical, and oriented to healthcare businesses, HIPAA can be easily overlooked and disregarded by individuals who are not healthcare industry professionals. However, HIPAA is important not only for business and government, but also for society, as it benefits all individuals who receive any form of healthcare in the United States. HIPAA gives individuals the rights to their health information, including the right to get copies of their information, the right to make sure the information is correct, and the right to know who has seen their health information and what it has been used for. Individuals can choose who their health information is or is not shared with (U.S. Department of Health & Human Services Office for Civil Rights, 2017).
There are a variety of reasons for placing a high value on protecting the privacy, confidentiality, and security of health information. As Institute of Medicine researchers explain, some theorists depict privacy as a basic human good or right with intrinsic value, as they see privacy as an essential component of human well-being that is objectively valuable in itself. They believe that respecting privacy is a form of recognition of the attributes that make humans morally unique. However, the more common view is that privacy is valuable because it facilitates or promotes other fundamental values, including ideals of personhood such as personal autonomy, individuality, respect, and dignity and worth as human beings (Institute of Medicine, 2009).
Institute of Medicine researchers also describe how the bioethics principle of nonmaleficence (the ethical principle of doing no harm) requires safeguarding personal privacy. This is because breaches of privacy and confidentiality can not only affect a person’s dignity, but can also cause harm to the individual. When personally identifiable health information is disclosed to an individual’s employer, insurer, or family member, it can potentially result in an individual facing stigma, embarrassment, and/or discrimination (Institute of Medicine, 2009). Because of this, without some assurance of privacy, individuals may be reluctant to provide complete and honest disclosures of sensitive information even to their physicians. In one survey, one out of eight respondents admitted to engaging in behaviors intended to protect their privacy, even at the expense of risking dangerous health effects. Such behaviors included lying to their doctors about symptoms or behaviors, refusing to provide information or providing inaccurate information, paying out of pocket for care that is covered by insurance, and avoiding care altogether (Princeton Survey Research Associates, 1999). Ensuring privacy can promote more effective communication between physicians and patients, which is necessary for satisfactory quality of care, enhanced autonomy, and preventing economic harm, embarrassment, and discrimination (Institute of Medicine, 2009).
Privacy is not only valuable to individuals, but also to society as a whole. According to Institute of Medicine researchers, privacy furthers the existence of a free society, as it contributes to the maintenance of the type of society in which we want to live. American society specifically places a high value on individual rights, personal choice, and privacy (Institute of Medicine, 2009). In a 1999 survey of consumer attitudes toward health privacy, three out of four individuals reported that they had significant concerns about the privacy and confidentiality of their medical records (Princeton Survey Research Associates, 1999). Medical records can include some of the most intimate and personal details about a person’s life, such as one’s physical and mental health, social behaviors, personal relationships, and financial status (Institute of Medicine, 2009).
Polls conducted by Harris Interactive suggest that the privacy of health information has improved since implementation of the Title II HIPAA Privacy Rule. A 1993 survey by Harris Interactive showed that 27 percent of Americans believed their personal medical information had been released improperly in the past 3 years. However, In 2005,14 percent of respondents believed this had happened to them (Harris Interactive, 2005), and in 2007, 12 percent of respondents believed this had happened to them (Harris Interactive, 2007). In the 2005 survey, about two-thirds of respondents reported having received a HIPAA privacy notice after the implementation of HIPAA. Of these people, 67 percent said the privacy notice increased their confidence that their medical information is being handled properly (Harris Interactive, 2005). This shows that HIPAA has had a positive effect on society, as it assures individuals that their right to privacy of their health information is being maintained.
Conclusion
In conclusion, I strongly feel that HIPAA is an important government regulation of business. It provides clear compliance guidelines that have made it easier for business to effectively maintain the privacy of patient health information. HIPAA also benefits individuals, as it gives them rights over their private health information. Furthermore, HIPAA is advantageous to American society as a whole, as helps to maintain the free, independent, private society that is valued by citizens of the United States. Therefore, HIPAA is beneficial for business, society, and government, and is a necessary part of the interdependent relationship that the three have.
