Violations of HIPAA

Administrative ethics and privacy issues concerning health care include any gaps in it, which are considered as violation of the HIPAA (Health Insurance Portability and Accountability Act of 1996). A very important issue is their considerably frequent appearance within the administrative departments of any organisation. The workplace realities always have to be observed according to processes, which were determined by the administration of an organisation regarding the involvement of the parties in the privacy issues. This is often being ignored or simply not observed on the level it should be. Such conduct sometimes leads to heavy consequences, which cannot be controlled any more by the parties; at the same time the third side involvements are impossible to be eliminated.

Recently, there was a case of The Hospice of North Idaho, which had to pay a maximum charge of $50,000 according to the first HIPAA settlement. A reaction on this was an extreme emphasis on the higher data protection compliance issue. The investigation that has led to this settlement had started in 2010, when a laptop storing 411 individual electronic health records was stolen. The director of the U.S Department of Health and Human Services, Leon Rodriguez, enhanced on the significance of settlement of this case.

This issue mostly affects the nursing population, which has the easiest to the patients' data. There have also been certain cases, when the personnel was sharing the notes regarding personal patients' data records. It also relates to the chiefs of the departments, who have to take some actions, which will protect patients' safety and confidentiality rights. The investigation on the given cases has shown that less than a half of the staff was trained to handle such situations in accordance with the general regulations. The judgement was simple: adamant requirements on staff training methods and practices of secure data holding.

Rodriguez emphasised the importance of the strict enforcement of the procedures concerning HIPAA and implementation of the encryption, which will help to make the records unusable for the third parties. He stressed that the solution could be even straightening of the user names and the passwords of the authorised personnel. Such proposal of strict enforcement of the regulations and control over them had to make it harder to undertake any mistakes in future. Once again, the improvement of the education of the staff in this matter has been supported. Additionally, the improvement of the risk analysis practices, , which would in their turn improve the data storage and help in eliminating such potential breaches, was proposed.

The ethical issues that were raised by this case are obvious. They are strictly combined with the law issues. The staff had forgotten about the importance of ethics in securing the computers and all the data stored in them, which could bring serious problems to the patients. The patients' liability to the staff has been set more than on a dangerous border. The trust into all practices provided and proposed by the hospital could have been set under a question mark. Not even mentioning the legal aspects, which were indicated by the penalties, imprisonment, deprivation of the degree, and unemployment. All of those factors clearly have to be regulated by the legal authorities.

Clearly, all the responsibility always lies on the chief of the management of any organisation. If none of the staff members was trained in a proper way, if no techniques on data outflow prevention were implemented, and no penalties within the organisation were set, anything could happen. The administration should be aware of their ethical responsibilities before their staff and their patients. As the brain is responsible for any action that our body takes, so the chief is responsible for everyone under his jurisdiction. If he/she does not provide the patients with a staff that cannot work without violations, then this is his/her own irresponsibility before the patients. Also, if he/she does not implement the necessary techniques into a daily routine of the staff, which will cover all the HIPAA requirements, it will be hiser/ irresponsibility before the staff. Immediate actions should be taken with every notion of any small violations that can happen and can be prevented. A good idea is to hold the records of the staff members, who have an access to the secured data; only these people should be able to possess this data. However, the further spread of it has to be forbidden. There was a registered case on one of the cases of HIPAA violation practices; it stated about clinical and surgical appointments on the pages of interned-based calendar. So, there was no appropriate safeguard of the patients' personal information. The penalty in this case was $100,000, as the hospital failed to control the records, which were built by staff.

The best solution in implementing any regulation is, first of all, a brief explanation of its content, and then a strict control of the processes of implementation and development. Many of the violations are committed because of misunderstanding of the regulations and the boarders of the jurisdiction over them. This is confirmed by the hundreds of anonymous blogs of the nursing staff, where they post questions about their behaviour and seek a piece of advice on it. Not only the staff of the organisation should be well informed about the possible margins that cannot be overtaken, but also the patients should have an opportunity to learn, in which way their data could be used in a non-authorised way. By employing this simple practice, in some cases patients can help themselves and the staff to prevent the potential breach. This procedure would help not only to protect the safety of the patients, but also the safety of the staff. These two parties, each on their side, could work together in order to achieve the best results in protecting the confidential data from the outsiders, as well as from the unauthorised staff. People really like to talk, this way even a blink on personal information can lead to a destructive situation in life of any of the involved. The importance of complying with the HIPAA regulations should not be overestimated.

Summing up, obeying to the HIPAA regulations is regulated by the federal law and should be taken seriously at any matter. Any solution on the improvement of the secured data protection is a step forward in a better serving for the people's sake. The first step could be small, like starting to mark the cases, which can be accessed by authorized personnel only. This will help to distinguish the data, which is not accessible for everyone. Receiving care and providing it should be protected by both sides; interventions by the third party, which is not directly involved into the above mentioned processes, should only be allowed in order to gain the best outgrowth for everyone affected. This is why the administration has always to be the third party that ensures all of this.