Paper Example on Pennsylvania Law: Consumer Health Info Privacy & Protection

Chapter 146b Title 31 of the Pennsylvanian law governs the privacy of consumer health information (Mooney, 2018). This law however applies to the insurers only. Health data is protected under 31 Pa. Code. § 146b.1 and governed by 31 Pa. Code §§ 146c.1-.11. This code establishes the standards for the development and implementation of technical, physical, administrative, and physical protection of data. This code also sets the standard for the implementation of confidentiality and the integrity of consumer information. Pennsylvania recognizes physician-patient confidentiality which is a common law right that is distinct from a claim of invasion of privacy.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

The health information in Pennsylvania is protected by Chapter 115 of Title 28 which requires health facilities to store their medical records in a manner that protects them from damage, loss, and unauthorized access (Mooney, 2018). 28 Pa. Code § 115.22 requires all medical records to be treated as confidential such that only a person who is authorized can access them. For the release of medical records outside the hospital 28 Pa. Code § 115.27 requires written authorization from the patient. The authorization has to be filed in the original records of the patients. 28 Pa. Code § 115.28 treats all medical records as the property of the hospital but hinders their removal from the facility except when they are required by the court. As such, the records can be photocopied and provided for physical review, insurance claims, and other purposes undertaken within the facility.

The Hitech Act was signed into law in February 2009 to promote health information privacy by encouraging health providers to embrace electronic health record keeping and the use of technology (Mooney, 2018). This Act strengthened the HIPAA privacy and security rules related to medical records. The Pennsylvania Health Information Technology Act was enacted in 2012 to promote exchange networks for health information.

There are significant differences and similarities between Pennsylvania's privacy laws on health information records and HIPAA privacy rules. The similarities include giving the patients the right over the information held by the healthcare facilities. Both Pennsylvania's privacy laws and HIPAA privacy rules agree that health facilities hold the information at the liberty of the patient. Both Pennsylvania's privacy laws and HIPAA privacy rules also agree that health facilities have the responsibility to protect the privacy of health records and consult the patient in case they want to disclose the information (Firouzan & McKinnon, 2019). Health records contain sensitive information that the patients might not be comfortable with when the information is made public (Edemekong et al., 2020). The privacy laws ensure that healthcare professionals respect the privacy rights of the patients and do not use the information to their own benefit.

There are also differences between Pennsylvania's privacy laws on health information records and HIPAA privacy rules. The differences include how the privacy measures are to be implemented; the HIPAA privacy rules are enforced by the state while Pennsylvania's privacy laws are enforced by different bodies that regulate healthcare in Pennsylvania (Firouzan & McKinnon, 2019). The differences in enforcement influence adherence to privacy laws. The implementation of the laws faces challenges because there are conflicting parties that claim the implementation of the law. However, both Pennsylvania's privacy laws on health information records and HIPAA privacy rules seek to reduce the stigmatization of patients by society.

Sample Policy in Ensuring Privacy and Confidentiality of Patient Health Information

Health information policy needs to ensure there are privacy and confidentiality of patient health information, there is medical information of the patients that is sensitive and patients would not like the information to be accessed by third parties (McGuire et al., 2018). The proposed policy must ensure all areas are covered in protecting patient information and ensuring that all the stakeholders maintain the medical records standards when handling patient information.

Limitations of Disclosure

The proposed policy limits access of patient information where people who are allowed to access patient information are limited to the medical professionals that are treating the particular patient. Different patients suffer from different diseases and will be treated by a medical practitioner trained to treat the condition (McGuire et al., 2018). The policy proposes that health facilities have an information system that will be used to store patient information for easy access. The system will be designed to control access to patient information. Limited access to patient information ensures that only authorized people access patient information. The policy proposes health facilities to enforce the policy to ensure professionals do not allow unauthorized access to patient information. Medical professionals need to access health records for the patients they are treating only.

Security

The security of patient information is key to ensuring patient information is private. The policy proposes healthcare institutions to put in place measures that ensure health records are put in a secure place where people do not have access without authority. Electronic health records also need to secure to ensure there is the privacy of patient information by preventing unauthorized access (McGuire et al., 2018). The information system used by healthcare facilities needs to have policies that guide the access of information and the people that can access the information. The proposed policy seeks to ensure there is accountability in instances when employees misuse the protocols set to protect patient information. The policy ensures the management is in control of how professionals access medical health records.

Consumer Control

Consumer control entails the protection and handling of information in a manner that sensitive information is filtered in the course of everyday transactions. Information systems have the capacity to filter information to ensure that medical professionals handle information that they only need to treat patients. Consumer control ensures that information is filtered and the professionals only get the information that they need to treat the patient (McGuire et al., 2018). The health information regulations and standards policy proposes all health facilities to have information systems to regulate and control access to patient health records. The system is important in keeping track of how information flows between different departments and who access information to facilitate accountability. We are living in the information age where access to information is key in making all decisions; the information system is the solution to health information consumer control.

Accountability

Accountability in health information regulations and standards entails the appropriate use of health information in a manner where all the stakeholders are accountable for any action they take on health records. Accountability ensures that all the stakeholders are held responsible in instances where protocols of health records are violated (McGuire et al., 2018). The proposed policy states that health facilities will develop protocols on actions to be taken against people who violate the set protocols. Health professionals must be accountable for any activity they engage in that leads to the violation of privacy protocols that prohibit the canvasing of patient health records.

References

Edemekong, P., Annamaraju, P., & Haydel, M. (2020). Health Insurance Portability and Accountability Act (HIPAA). Ncbi.nlm.nih.gov. Retrieved 29 August 2020, from https://www.ncbi.nlm.nih.gov/books/NBK500019/.

Firouzan, P., & McKinnon, J. (2019). HIPAA Privacy Implementation Issues in Pennsylvania Healthcare Facilities. Bok.ahima.org. Retrieved 29 August 2020, from https://bok.ahima.org/doc?oid=106787#.X0qhBHkzbIU.

McGuire, A. L., Fisher, R., Cusenza, P., Hudson, K., Rothstein, M. A., McGraw, D., ... & Henley, D. E. (2018). Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider. Genetics in Medicine, 10(7), 495-499.

Mooney, J. (2018). Pennsylvania - Data Protection Overview. DataGuidance. Retrieved 29 August 2020, from https://www.dataguidance.com/notes/pennsylvania-data-protection-overview.