The Health Insurance Portability and Accountability Act (HIPAA)


Healthcare Cybersecurity

The Health Insurance Portability and Accountability Act (HIPAA) was established, mandating the Secretary of Health and Human Services to promulgate guidelines for the interchange of electronic health records, confidentiality, and protection. These are referred to together as the Administrative Simplification provisions. The act obligated the Secretary to oversee HIPAA and create privacy protections controlling personally identifying health data. The Confidentiality Rules, the definitive guideline, were released for public comment and participation, and amendments were made before the final release.


As a key component of the 2009 stimulus package, Congress enacted the Health Information Technology for Economic and Clinical Health Act (HITECH). The HITECH Act introduced substantial revisions to the HIPAA Act, notably regarding privacy protections. The HITECH Act includes a section with Improved Security and Privacy Provisions. The HITECH Act was legislated to enable healthcare professionals who use or intend to use electronic health record (EHR) infrastructures, address better accessibility to EHRs, expand the implementation of HIPAA privacy regulations to key stakeholders of covered entities, and enforce a merit system of constitutional penalties and fines for noncompliance.

The Privacy Rule aims to eliminate the disclosure of protected patient information, or of details that a patient would expect not to be disclosed without their permission. A patient’s protected health information (PHI) contains information that can be used to identify or expose the medical details of an individual. Before the HITECH Act, health plans and healthcare professionals were expected to adhere to HIPAA standards and obligations completely. Business affiliates of protected businesses were not subject to direct regulation. Under the HITECH Act, business affiliates have to be accountable for HIPAA compliance and are immediately liable to the authorities for HIPAA violations. Business partners are directly accountable for both criminal and civil consequences. This heightened statutory obligation for business partners under HIPAA will necessitate the update of business associate and vendor lists and the renegotiation of contracts. Furthermore, business affiliates will almost certainly incur expenditures from coming into direct legal compliance. The HHS Department Secretary will eventually release guidelines on these measures.

The Omnibus Rule of 2013

The HIPAA Omnibus Rule refers to the package of finalized legislation that updated HIPAA rules and incorporated many HITECH Act elements. These changes include making insured business partners directly accountable for adherence to certain HIPAA Confidentiality Regulation standards. Omnibus enhances the restrictions on the use and dissemination of PHI for promotion and soliciting donations, and makes the selling of PHI without individual consent illegal. Also, patients’ entitlement to get digital versions of their records should be expanded and include disclosures to a healthcare plan about medication the individual has fully paid for.

Omnibus mandates changes to and dissemination of a covered entity’s private information notice. It also amends the patient’s authorization and other procedures to promote research and the disclosure of child vaccination evidence to schools, and to allow relatives or someone else access to a deceased person’s information.

Examples of organizations being held accountable

The United States of America and the State of Illinois ex rel. Amy O’Donnell v. America at Home Healthcare and Nursing Services, Ltd.

Judge Blakely upheld the relator’s claims that two defendants’ employees searched sensitive hospital records at various institutions to retrieve patients’ information for home health services. The defendants, America at Home, consciously charged the government for health services after illegitimately acquiring patients’ information. The defendants consciously presented claims to government agencies but intentionally refused to expose HIPAA violations.

Warner Chilcott & Physician HIPAA Violations Brought Under the False Claims Act 

The District Court in Boston ordered pharmaceutical giant Warner Chilcott to pay $125 million to satisfy criminal and civil liabilities originating from the improper advertising of numerous medications. Warner Chilcott assisted the authorities in investigating guilty persons, which resulted in multiple individual charges. Former area manager Jeffrey Podolsky admitted guilt to health care fraud concerning pre-approval manipulation; former district manager Timothy Garcia admitted guilt to health care fraud in relation to informed consent manipulation; and former district manager Landon Eckles confessed to the unlawful release of PHI of patients and criminal infringement of HIPAA legislation.
