There are a lot of advantages that have resulted from HIPAA, the most widely known of which are enhancing privacy security for patients and enhancing the safety of healthcare information. HIPAA restricts the usage and disclosure of patient information to those associated with treatment, bill payment, or healthcare procedures and all covered entities and business associates should employ proper administrative, technical and physical safety measures to make sure patient information are adequately secured from internal and external risks.
Importantly, HIPAA provided people with new privileges with regard to their healthcare information. Before the HIPAA Privacy Rule, patients were not actually allowed to view their medical records. HIPAA gave people the right to get and check a copy of their healthcare information and ask to correct errors. HIPAA made certain that patients are made aware regarding how their healthcare information will be utilized and disclosed, provided patients the right to even further restrict disclosures of their health information, and also permitted them to see a record of disclosures to know who got their healthcare information.
HIPAA has enhanced the portability of medical insurance for workers between jobs and has prevented discrimination against individuals with pre-existing ailments when acquiring medical insurance coverage. Productivity in healthcare was better by standardizing transactions by means of the usage of standard code sets and has aided to considerably minimize waste and fraudulence in medical care.
Nevertheless, not everything was smooth sailing. One of the preliminary conditions of HIPAA was to make a national patient identifier system, however, 25 years after, that condition is still not yet implemented. With no national patient identifier system, it is hard to identify patients and can contribute to medical record mismatching. One ONC study in 2014 showed a 50% to 60% mismatch of records if shared among various healthcare companies.
Another disadvantage of HIPAA is its coverage of healthcare information, which is restricted to healthcare information collected, retained, processed, kept, or sent by HIPAA-covered entities and business associates. When a non-HIPAA-covered entity or non-business associate gathers the very same information, HIPAA protections are not applicable.
The HIPAA Rules aren’t certain in some areas because of the versatility built into the law, therefore there is a possibility for misinterpretation of the conditions and there are still misunderstandings among a number of HIPAA-covered entities and business associates in terms of compliance.
One complaint frequently made by patients is the insufficiency of a private cause of action. It isn’t possible to prosecute for a HIPAA violation, even when the HIPAA Rules were evidently violated and there’s harm sustained. Legal action may only be undertaken according to state laws.