MedTech I.Q.

The Cutting Edge of Medical Technology Content, Community & Collaboration

Why HIPAA compliance is becoming more challenging

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that was enacted under the HITECH Act under Bill Clinton’s presidency with the intention of offering safeguards for medical information through its data privacy and security provisions. The Act consists of five sections, also called titles:

  • HIPAA Health Insurance Reform
  • HIPAA Administrative Simplification
  • HIPAA Tax-Related Health Provisions
  • Application and Enforcement of Group Health Plan Requirements
  • Revenue Offsets.

The provisions relating to data security are to be enforced by what are called Covered Entities (CE's), or those that are in possession of one or another form of patient data, including Medicare and Medicaid, along with the entities with whom these CE's may work to get their work done, namely Business Associates (BA's). Audits are the mechanism through which the implementation of HIPAA's provisions by the CE's and BA's is overseen.

In the first two decades since HIPAA’s inception, successive American governments have paid some half a million providers of healthcare services and CE's and BA's well over $400 billion to implement Electronic Health Records (EHR's), which are the most important source of patient information that needs to be safeguarded in accordance with the provisions of HIPAA.

Although the purpose set out for safeguarding confidential patient data is straightforward and the means for doing so are explicitly stated, HIPAA implementation is still one of the gargantuan stumbling blocks for the administration. The question of why HIPAA compliance is becoming more challenging can be understood from this perspective. It also needs to be seen against the backdrop of the fact that this has been happening despite the astronomical penalties that HIPAA imposes for non-implementation: these range from $50,000 for every willful violation to $1.5 million for willful repeat violations, in addition to inviting a year in prison.

The reasons why HIPAA compliance is becoming more challenging

From the time HIPAA came into existence, it has thrown up a number of reasons for its relatively low level of compliance and implementation. Some of these may appear very basic and even surprising for a country that is among the most technologically advanced in the world. Yet, this being a completely technological tool, the element of technology, intended to be a facilitator, has turned out to be an impediment to HIPAA compliance by CE's and BA's.


Technology continues to be the prime problem in HIPAA compliance. While on the surface, people may balk at the idea that technology can be a limiting factor for a completely technological system, it has to be understood that implementation of HIPAA Security measures requires knowledge and application of specific technological aspects. The main concerns relate to getting used to operating shared data access across networks for healthcare professionals who were all along used to operating with closed data systems, and with understanding the nitty-gritty of using the cloud.

Use with mobile technologies

Another reason why HIPAA compliance is becoming more challenging is the need to migrate and adapt these technologies for mobile systems. Mobile technology differs a little from traditional desktop technology. Implementing both of them in parallel has been a challenge for many CE's and BA's.

Evolution of technologies

In addition to all these usual issues associated with technology implementation, another reason as to why HIPAA compliance is becoming more challenging is that technology itself is ever changing and evolving. By the time many staff members of certain CE's and their BA's get used to implementing the existing technology, an innovative technology could have come up, making it necessary to carry out changes in accordance with the requirements of the latest technology.


Another element of the technological aspect of why HIPAA compliance is becoming more challenging is that this calls for integration with a vast number of entities from both within the organization and outside. This is seen as an issue by many healthcare providers who have to implement HIPAA.


Apart from the technology aspect of HIPAA, many Covered Entities and Business Associates are finding that HIPAA compliance is becoming more challenging because they have to continuously train staff about every aspect of HIPAA implementation. HIPAA requirements keep changing every now and then. This makes HIPAA implementation all the more time-consuming and challenging.


© 2021 Created by CC-Conrad Clyburn-MedForeSight.
