Keeping A Part Of Personal Information By HIPAA

Most of the human beings in the world like to keep some part of personal information in public but most of them in private. Information that should be protected and keep private is personally identifiable information (PII). In general, personally identifiable information is to find one’s individual identity or to distinguish from others personal information. Few examples of PII are Name, Phone number, Address, Personal ID number such as social security number, passport etc., and biometrics. In case if we post our personal data on to the internet our identity, financial information can be stolen, we can be robbed, our employment information in public leads to loss of our job, good/bad thoughts might go public and might not be able to defend our self in legal proceedings due to many reasons etc., Make sure that we don’t share our bank information and social security number which may leads to loss of more personal information and financially also.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US law enactment which will be taking care of providing data security and privacy to safeguard medical information. In order to secure the database which stores PHI DBAs should know about HIPAA. HIPAA privacy rule is one of the important one and applied to many organizations which includes health plan providers. HIPAA privacy rule will be covering the personal health information (PHI) which can be either paper or digital. Under this rule user can view his own PHI which includes full name, birth date, social security number, health status, payments about health etc., Each firm should employ a privacy official who should train the employees about the process, procedures and complaint in case of misuse of PHI besides there should be an administrative also in order to safeguard technical and physical in regards to PHI. Besides HIPAA privacy rule we also have HIPAA Security rule which will take care of Security Standards in order to Protect the Electronic PHI and it will help the user in auditing their information. I feel that the HIPAA rules for securing the database or PHI are more reasonable as they are useful to protect/secure PHI. Under the HIPAA privacy rule in case if a firm/organization is failed to meet the respective requirements according to 2013 Omnibus rule for a single violation fine can be doubled the maximum i.e. $25K to $50K.

HIPAA compliance is nothing but succeeding in the requirements of the Health Insurance Portability and Accountability Act of 1996 along with its subsequent amendments and related rules to i.e. Health Information Technology for Economic and Clinical Health (HITECH) Act. As per HIPAA compliance any organization that takes care of PHI must make sure that all process, network and physical measures are followed and in place which includes covered entities (CE), business associates (BA). In general HIPAA compliance rules are Privacy and Security Rules, Breach Notification Rule, Omnibus Rule and Enforcement Rule. As per HIPAA Breach Notification Rule requires CE to inform the patients in case if there is a breach of their electronic Patient Health Information. HIPAA Omnibus rule is used to address the areas which was omitted by previous updates to HIPAA. It involves in updating BA agreements, privacy policies, Notices of Privacy Practices etc.,

HIPAA Enforcement rule will take care of the penalties that could press on CE responsible for an avoidable breach of electronic PHI and investigates that follow a breach of ePHI. Covered entities of HIPAA should be aware of the penalties for violations i.e. imputable to ignorance can fine $100 – $50,000, occurred in spite of reasonable vigilance $1,000 – $50,000, neglect of violation if corrected in thirty days a fine of $10,000 - $50,000 and if not corrected in thirty days a max fine would be $50,000.

Safe Harbor is one of the methods in order to achieve de-identification in line with the HIPAA Privacy rule. As per this method name, geographic sub divisions i.e. smaller than state, phone numbers, Date of Birth, license plate numbers, fax details, email address, SSN, IP address, Medical records, biometric details, insurance plan details, account numbers, certificate numbers etc., identifiers of an individual are removed for de-identification. For example, the DoB 'February 9, 1991' detail which cannot be reported at this level. As per safe harbor method it can be informed in a de-identified data as '1991'