The Health Insurance Portability and Accountability Act, or “HIPAA” for short, is the single biggest piece of legislation that impacts individuals' medical treatment and billing records across the USA. This piece of federal law has mandated the protection and communication of patient and medical records since 1996 and impacts a number of key areas, including access to, or any charges for the retrieval of, your medical records and how a health plan or a covered health care provider shares your protected health information with an employer. Simply put, HIPAA’s primary focus is to stop uninterested parties (those who are not you and your personal representatives), or your employer, from having unauthorized access to your personal medical history. While this may sound like a relatively straightforward and simple administration task, over the years, protecting users' personal information has become an increasingly difficult job for those working in the health profession.
When HIPAA was drafted and approved in 1996, technology and the process of obtaining medical documents were very different. The only real way to keep medical documents was in a tangible, written paper file. The only way to request a copy of that file was via a written letter with a HIPAA authorization form attached (or via legal subpoena). The task was much simpler. If the request did not feature the signature of the individual to whom the information belonged, there was no reason to disclose any of that information to the party requesting it.
Of course, since 1996, technology and communications have changed an astronomical amount from the humble “written file”. Over the course of this piece, we will look at several new storage and communication methods that medical files are now subject to, and the challenges that this puts in the hands of the information holders.
The simplest is the digital storage of information, which over the last 5 years alone has gone through some huge changes. The introduction of “cloud” based storage means that a huge amount of data is kept off site. This means that third parties that may wish to gain access to the data are able to do so remotely. Although no request may be forthcoming, these central databases are easily hacked and easily leaked. Medical companies face an almost daily struggle to keep the information secure. The best way they manage to do this is through the use of secure firewalls, access points and information transfer.