The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect health insurance coverage, reduce healthcare fraud, and mandate industry standards for the protection of health information and electronic management of that information. These standards are typically represented in organizations’ privacy and security policies. The U.S. Department of Health and Human Services provides details for understanding HIPAA.
Read the following scenario:
You have registered as a patient at the Norwalk Walk-In Clinic. You observe the following:
The registration sheet, which you signed, lists all of the names of the people who have registered that day. It is left on the counter of the registration table. Once you have signed in, you are immediately asked to sit down in the reception area, and no other paperwork is presented to you. As you are sitting there, a public relations staff member takes a photo of the clinic area.
When the physician is ready to see you, your name is called out to the reception area. After the nurse takes your vital signs, she writes it down in your medical chart. The chart is reviewed by the physician. The physician in your case is not an employee of the walk-in clinic.
The physician recommends that you see a specialist at Norwalk Hospital. The physician talks to the specialist about your condition over the phone. Your file is transcribed and sent to the director of medical records. The treatment that you received at the clinic is recorded in your file and this information is sent to your insurance company for billing.
You are sent a bill and you fail to make a timely payment. A collection agency contracted by the hospital sends you a notice, which has all of the information about your clinic visit and various charges.
Identify and discuss all of the HIPAA violations present in this scenario. Also, point out situations that do not represent HIPAA violations. For those situations in which you believe a violation has taken place, make a recommendation to correct them.