How the Security Rule Supports the Privacy Rule Research (Essay Sample)

How the Security Rule Supports the Privacy Rule
Student’s Name
Institutional Affiliation
Introduction
The HIPAA security was published by the Department of Health and Human Services (HHS) on the 20th February 2003. With the exclusion of minor health plans, whereby, they were given up to the 21st of April 2006 to meet the terms, Covered entities (CEs) had to be in conformity before the 21st April 2005, which is two years after the initial publication date. The HIPAA Security Rules illustrates security as the physical, administrative and technical ideas that the organizations ought to include in its plan of HIPAA security compliance. Security comprises of authorizations for noncompliance together with the policies and procedures. This approach offers a concise outline of the security rule and a bit of the setting and concepts that are important to in knowing the security rule. Moreover, it states the knowledge that is acquired in maintaining of the HIPAA security compliance with the health information management (HIM) together with their organization. This paper is an exclusive analyzation based on the topic HIPAA, on the issues related to the security and privacy rule requirement. This paper will further discuss the outline of every standard rule as well as how the security rules have supported the privacy rule, also how they are linked to one another. The paper will further cover the requirements of the security and privacy rule; providing the procedure on how to put each rule into practice in a corporate environment and further discussing the relationship between the security rules and privacy.
According to Breaux and Antón, (2008), the phrase "HIPAA" is an acronym for the Health Insurance Portability & Accountability Act. The Act was passed by the US Congress in the year 1996, with the aim and purpose of protecting health information that is confidential, which are referred to as Protected Health Information (PHI). However, the law on the other hand fraud and misuse of PHI and this relates to a number of organizational groups such as clearinghouses, healthcare plans, healthcare providers, together with other units that relay health care report both in electronic and manual form. These kinds of entities are collectively referred to as a Covered Entity (CE). Therefore, the universal function of HIPAA is to perform insurance convenience, enforcing of fraud and management for the healthcare industry. In this case, an administrative simplification refers to the security and privacy rule of HIPAA (Herold & Beaver, 2004).
The HIPAA privacy rule is meant for the establishment of the values for the privacy of personal definite health data. It heads and directs Covered Entities (CE) on how it will utilize and reveal specific health data. Currently, the configuration of the data could be in an electronic, manual, paper or any structures. The privacy rule guarantees security in general level, and it also includes all parts of the security and protections. Relatively, the Privacy Rule creates a report on privacy, manages notification of utilization and revelation of PHI, and has the privilege to review and make changes to record medical segment, examine HIPAA compliance at an extensive level, also creating the disciplinary approach for the violation of HIPAA.
Then again, Security standard is the regulation that puts a stop to the unauthorized element of accessing PHI without a compelling reason to know. For this reason, the Security Rule controls the electronic transmissions of PHI to guarantee legitimate stability between secured, confidential and available PHI. The Security Rule fundamentally regulates and envelopes Information Technology (IT) Security in a field of health service to set up specialized and functioning technique, policies like access control for frameworks and identity management, virus protection, reporting of incidences, making caution to guarantee a safe environment, and backup plans. The security rule capacities are IT security audit, building up codes of principles and morals, computer usage rule, disposal, and destruction among others. The Security rule entails level specialized protecting and computer system security that encourages in building up privacy to PHI in due course.
Given the above dialog, it is logic to support that both the security rule and the privacy rule are related to some extent. This is because the discussion above claims that for proper privacy guarantee in the healthcare environment, effective application of the security is important. Privacy is as the result of security. Furthermore, privacy rules articulate what should be done by the security together with the necessary measures that ought to be applied to the privacy policies to fulfill. In any case, in an organizational background, it is encouraged and highly recommended that the departments that specialize in the implementation of the privacy rule, as well as the implementation of the security rule, are divided and its direct link disconnected in regards to the involvement of the staffs and personnel. The most crucial part of this case is how the security policy is supporting the privacy rule for it to be compatible with HIPAA (Breaux & Antón, 2008).
In explaining some of the primary objectives of the privacy rule, the guidance provided by the Center for Disease and Control (CDC) and the US Department of Health & Human Health Services, states that the Privacy rule has the following roles (Centers For Disease Control and Prevention, 2003):
Creating a proper protection that most of the health service providers are expected to comply with so as to protect the privacy of the health data;
Setting up boundaries regarding the use and the issue of the health records;
Those who are found guilty of violating the patients’ privacy privileges will be answerable and forced to face civil and criminal penalties.
Patients are given enough jurisdiction of their health information;
Allows the patient to have the privilege of obtaining the copy their health recordings and appeal for the correction to be made;
They come into the agreement on whether a given form of data has to be disclosed when the public health duties insists;
Allows the patients to learn how their health information should be utilized and the kind of the information disclosure has been made;
Allows the patients to make choices regarding how their heath information should be utilized;
Limiting the information release to the minimal rationally required for the idea of disclosure;
And authorizes persons to regulate some utilization and to expose their health data.
According to an article, The Influence of the HIPAA privacy rule on health research (2007), the security regulations assist privacy rules to fulfill the discussed goals through the formation of protections to PHI in an electronic system only. That is a subsection of the PHI, which make up the Privacy Rule. Therefore, the Privacy Rule entails the protection of the paper form and electronic based on PHI broadcast (Ness & Joint Policy Committee, 2007). For this matter, Security rule guarantees E-PHI privacy only through the instituting of the following specifications and standards:
Administrative Protections
These strategies the procedures and policies demonstrate how the covered unit will fulfill the regulation and act. This concern with the management of the security through leveraging of the security personnel; Establishment of the security personnel and management of information access. It also offers guidance to the workforce on how to use PHI; Management of the password together with the monitoring of the security, contingency idea, and alerts to make certain on whether E-PHI transmission is properly managed to satisfy the associated requirements of the privacy rules as stated.
Physical protection
It enables in the handling of the physical access control so as to safeguard unapproved access to e- PHI. Its aim relates to guaranteeing access are correctly regulated according to the authorization, creates workstation utilization together with the security. It developed a procedure on the utilization of the digital media besides their disposal after the use.
Technical protection: it entails the computer system that is in the heath care facility with the policies and approaches for its efficient utilization that that are likely to safeguard E–PHI and restraint its access.
The reason for the technical protection under the security regulation.
It authorizes data integrity through the establishment of a process to approve E-PHI.
It ensures that each entity that is covered becomes accountable of guaranteeing that the data related to the PHI has not been fabricated or modified without any reason that is suitably convincing and valid.
Regulation of the Information Systems Access under the deployment of PHI, this has to be secured from interruption. It guarantees it through the encoding of the access information.
It creates transmission security through the empowerment of the integrity together with encoding the transmitted data in order for it not to be logged on by the individual in the middle.
Therefore, these main privacy protections ought to be carefully adhered to so that there could be the implementation of the security rule in a separate way rather than the privacy rule. Though, as soon as those requirements are implemented correctly and the prospects are fulfilled., the entire privacy rule goals initially identified and examined will also be fulfilled because all those are related and reliant on the requirements of the security rules (Ness & Joint Policy Committee, 2007).
According to the arguments made by Waggoner (2004), regarding Privacy and Security; Privacy is the consequence while privacy is the condition. Security is an act; Privacy is an...