Summary:
Patient privacy is a major issue for today’s healthcare providers. Safeguarding the confidentiality, integrity, and availability of patient information is no longer a goal—it is a legal requirement. Keeping pace with ever-expanding government regulations is an expensive and resource-intensive proposition.
The adoption of new technologies, such as electronic health records (EHRs) and on-line personal health services makes the task even more difficult.
Overview:
Challenges faced by healthcare providers include proliferation of healthcare regulations such as HIPAA—The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of an individual’s health information and governs the way healthcare providers manage and disclose protected health information (PHI). Healthcare providers must introduce appropriate systems and practices to comply with HIPAA.
Another one is the ARRA-HITECH—The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the American Recovery and Reinvestment Act (ARRA) expand HIPAA privacy requirements and create new challenges for healthcare privacy and security teams. In particular, the act introduces new regulations governing the confidentiality of EHRs.
In addition to this, the FTC Red Flags Rule—The Federal Trade Commission (FTC) Red Flags Rule require healthcare providers to institute new systems and practices to combat identity theft. Providers have until June 1, 2010 to comply with this law.
The industry also needs to adhere to the State laws—US healthcare providers must abide by both federal and state regulations. Forty-five states have enacted privacy breach notification laws, many of which are more stringent than federal laws. International regulations—Healthcare privacy rules are not limited to the United States. The European Union and many individual countries and provinces in other parts of the world have implemented patient confidentiality laws.
Apart from this, adoption of electronic health records plays a major role. Healthcare organizations are implementing EHRs to bolster patient safety and care, increase efficiencies, and improve the exchange of information. New systems and practices are needed to protect the privacy and security of EHRs and ensure compliance with ARRA-HITECH and other electronic record keeping regulations.
The advent of online personal health record portal and services also affects the over-all patient privacy and security in terms of medical records. New web-based services offer a convenient way for individuals to manage their healthcare records online, but they raise privacy concerns and expose users to identity theft.
