Healthcare providers need to be part of the solution to consumers' privacy worries, by building trust through education.
At a time when health information is increasingly available online, and clinicians are transitioning from paper to electronic medical records, consumers remain concerned about protecting this highly sensitive personal information. They fear an unauthorized person might see their health information; they might be denied insurance, credit, or employment opportunities; and they're worried about identity theft, fraud, discrimination, and embarrassment (Dimitropoulos et al., 2011b). The technology for securely storing and sharing health information continues to evolve to allow increased data sharing and aggregation within the healthcare system. While these changes could provide many benefits by reducing costs and improving quality of care, they also present new privacy challenges.
This article provides an overview of the current framework for protecting the privacy of health information; explores technology trends that affect health information privacy; discusses the current state of privacy protection in the healthcare sector; and describes suggested practices that healthcare professionals can use to enhance privacy and build trust with their patients.
Health Information Privacy Basics
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) instituted a national legal foundation for health information privacy. The law established broad principles and called for the Department of Health and Human Services (HHS) to issue detailed privacy and security standards if Congress did not do so within a specified time frame. HHS subsequently issued implementing regulations known as the Privacy Rule and the Security Rule. HIPAA and the Privacy Rule do not apply to every entity that maintains health information but only to covered entities: health plans that provide health insurance benefits; healthcare providers such as doctors, other healthcare professionals, and hospitals that conduct electronic transactions; and healthcare clearinghouses that format health data.
The Privacy Rule permits the sharing of health information without patient authorization (consent) for treatment, payment, and healthcare operations, and for other specified purposes. All other sharing requires written authorization from the individual. Most disclosures are not mandatory, giving providers broad discretion in whether or not to share health information with other entities (U.S. Congress, 1996; The HIPAA Privacy Rule, 2013; Koontz, 2013). The HIPAA Security Rule is designed to ensure that health information is protected from unauthorized...