Protecting Personal Health Information: HIPAA is NOT Enough Essay

One type of personal data we should be concerned with keeping secure is Protected Health Information, or PHI. PHI is defined in the Privacy Rule section of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as “‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral” (U.S. Department of Health & Human Services). While HIPAA was enacted to address the protection of PHI, it falls short of this task because there are no measures to proactively ensure entities are abiding by its guidelines, the penalties are subjective and fail to inflict enough punishment on entities for data breaches, and it puts the onus …
Behind the scenes, inside the computers housing the data, there are complex programs that manipulate, format and update the data. As you can see, there are many avenues for PHI to be exposed.
PHI is transmitted from one office to another, to another business or to individuals requesting their own records. During this transmission, there are vulnerabilities in computer networks, in personal computers or handheld devices, and in the datacenters that house the data. As technology progresses and ‘cloud’ computing becomes more prevalent, there will be even less control over who houses your data and how it is transmitted.
As a measure to ensure the security and confidentiality of personal data, and more specifically PHI, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted on August 21, 1996. “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires a system of health care information exchanges by computers and through computer clearinghouses and data networks by February 1998. HIPAA also requires that Congress enact privacy protection by August of 1999 or that the secretary of health and human services promulgate regulations” (Bass, Berry and Sims).
As written, the legislation comprises 5 sections, referred to as Titles, and is about 400 pages in length:
Among HIPAA's provisions, Title I covers healthcare access, portability, and renewability. Title II focuses on preventing