Health Insurance Portability and Accountability Act Compliance

Junior (College 3rd year) ・Healthcare&Medicine ・APA ・4 Sources

History and Purpose of HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) emanated from the Kennedy-Kassebaum bill, introduced in Congress as an approach to improving healthcare. The law passed in 1996, but full implementation came in 2003. According to Liginlal (2015), HIPAA has two aspects. First, the portability segment ensures that people can keep their health cover when they move from one organization to another. Second, the accountability part ensures that information about a patient is kept secure and confidential. Moreover, it sets uniform standards for the electronic transmission of administrative and financial data regarding a patient's health. The legislation required health care institutions to provide the resources needed to educate their staff for full compliance.

The Privacy Rule

The Privacy Rule concentrates on the individual's right to direct how personal information is used. Protected Health Information (PHI) includes details of a patient's mental and physical condition, the healthcare provided, and the payments made for those services (Drolet et al., 2017). The rule covers the confidentiality of PHI in electronic, oral, and paper formats. However, the law cannot safeguard information held by an entity that it does not cover. In addition, a client has the right to receive a notice of privacy practices that explains the scenarios in which PHI could be disclosed without his or her consent, to request a copy of the PHI, to ask for corrections in the case of incomplete or inaccurate data, and to receive a record of the disclosures made over a six-year period.

The Rule applies to the organizations and persons that transmit health data electronically. According to Boyle and Mack (2017), the covered entities are health plans, health care providers, and health care clearinghouses. Health plans pay for medical costs, clearinghouses handle billing activities, and providers are the professionals and facilities that deliver treatment. If a covered organization carries out functions other than health care, it can choose to cover only its health care component, thereby becoming a hybrid entity.

The Privacy Rule provides exceptions under which PHI may be disclosed. The regulation generally requires the individual's consent for disclosure, but a covered entity may use and share PHI for treatment, payment, and health care operations. Other circumstances that permit disclosure without consent include health assessment activities, requests for use in judicial matters, research, giving the data to a business partner, and requests from law enforcement officials. Nevertheless, permitted disclosures must satisfy the conditions set for them in order to avoid unlawful sharing of data.

The Security Rule

The Security Rule ensures the confidentiality, integrity, and availability of client data stored electronically (Boyle & Mack, 2017). Hence it calls for technical, physical, and administrative safeguards. Technical safeguards are the automated mechanisms that protect data and control access to it, such as encryption of data in transit. Physical safeguards focus on guarding systems, equipment, and electronic data against viral threats, natural hazards, and unauthorized access. Administrative safeguards are the management measures put in place, such as assigning security responsibility to a named individual and training the team on security principles and company procedures.

Methods for Total Compliance

First, focus on the development and implementation of privacy policies. Following the Privacy Rule, companies should create and document privacy and security procedures. These documented procedures act as a guide for handling patients' data and avoiding any breach. For instance, organizational email should be encrypted, since protected health information sent by unencrypted mail may reach an unintended recipient. Similarly, storing patient data on cell phones should be discouraged, and use of phones on the premises kept to a minimum.

Another method is training the workforce and assessing risk. Employees of covered entities should learn about the permitted uses and disclosures of PHI, since they are the people who deal with patients. Hence, organizations should hold refresher meetings whenever new policies are introduced (Agris & Spandorfer, 2016). Risk assessment helps identify vulnerabilities, and employees conversant with HIPAA speed up the analysis because they already know the systems. The purpose of risk assessment is to ascertain the integrity and confidentiality of the PHI. If an issue comes up from the assessment, it is essential that the policies are revised to minimize it.

Implementing a feedback channel is another crucial way of achieving compliance. Healthcare organizations should establish a mechanism through which staff and patients can report situations that required a workaround. A workaround is an indication of faulty practices or processes. Management should therefore investigate the procedures concerned and look for ways to address them. Moreover, managers are answerable for the development, implementation, review, and revision of policies.

Violations and Penalties

As stated by Boyle and Mack (2017), a HIPAA violation occurs when a covered entity fails to conform to the Privacy Rule or the Security Rule, or suffers a breach. The act may be purposeful or accidental. Studies show that many violations are cases of negligence, such as an incomplete risk assessment. Depending on the severity of the act, the Office for Civil Rights (OCR) metes out the appropriate penalty.

The first category is violation through ignorance: the individual or company fails to adhere to a provision because they were unaware of it and could not reasonably have known about it. In this case, the fine ranges from $100 to $50,000 per violation. The second category is violation with reasonable cause: if one fails to observe the rules for a reasonable cause rather than through negligence, the penalty ranges from $1,000 to $50,000 per violation (Liginlal, 2015). The third category is violation through willful neglect that the organization corrects in time, for which the penalty is $10,000 to $50,000 per violation. Lastly, violation through willful neglect that is not corrected attracts a fine of at least $50,000. Interestingly, all four categories share a maximum penalty of $1.5 million for repeated violations of the same provision within a year.

Conclusion

Drolet et al. (2017) state that patients entrust their medical experts with their personal information; it is therefore the practitioner's duty to safeguard that data. HIPAA provides a framework directing medical centers on how to protect the data, especially electronic records. Patients, in turn, receive better treatment from any doctor in a covered entity, since he or she can access their disease history. In addition, people save the money they would otherwise spend on a new insurance cover when they change jobs. However, the penalties are very high; although this encourages compliance, it may discourage investment.

References

Agris, J. L., & Spandorfer, J. M. (2016). HIPAA compliance and training: A perfect storm for professionalism education? The Journal of Law, Medicine & Ethics, 44(4), 652-656.

Boyle, L. M., & Mack, D. M. (2017). HIPAA: A guide to health care privacy and security law. Wolters Kluwer.

Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: Privacy, security, and HIPAA compliance. The Journal of Hand Surgery, 42(6), 411-416.

Liginlal, D. (2015). HIPAA and human error: The role of enhanced situation awareness in protecting health information. In Medical Data Privacy Handbook (pp. 679-696). Springer International Publishing.
