Search results
1 – 10 of 302Sameer Kumar, Anne Henseler and David Haukaas
Health Insurance Portability and Accountability Act implementation in the USA caused waves in the medical world about documentation storage, flow and access. Protecting patients…
Abstract
Purpose
Health Insurance Portability and Accountability Act implementation in the USA caused waves in the medical world about documentation storage, flow and access. Protecting patients from information falling into the wrong hands is admirable, but the Act has influenced more than just documentation; it has slowed the research process and complicated basic US medical care. This article aims to discuss Health Insurance Portability and Accountability Act's effects on documentation and patient care and future US healthcare options.
Design/methodology/approach
A chronological approach is used to lay out the Act's effects. Using process flow maps, the pre‐ and post‐Act environment is analyzed to discover differences in the two processes. Then a critique of the new environment leads to future movement recommendations by the US government and the healthcare industry.
Findings
True to the US government's track record, by the time the Act was passed, it was already outdated in terms of IT management capabilities. In addition to trying to comply with these outdated practices, the Act's wording is so vague that hospital staff are not sure with what they are even complying. The Act could be improved with some simple changes to wording and updating.
Research limitations/implications
This article attempts to take a massive problem with far reaching implications, drill down to the key issues and make managerial recommendations based on findings. This provides a more detailed problem view that can only be understood at a high level owing to its complexity. Importantly, the key issues developed in the article support US government reform for legislation, which is not an easy task. There were studies available on the Act's cost to patients, hospitals, clinics and general costs in the USA. However, all the research was site specific and easily contradicted by other sources. Additionally, source reliability was questionable at best, as publications came from specific hospitals and clinics.
Practical implications
Throughout the study two themes were clear – the Act's outdated nature and vague wording. The more research that was done, the more confusing the information began to get, it seems even experts have a hard time understating and complying with the Act. One thing is clear. The Act is confusing and outdated. Because the problem is so large and fragmented, people are not sure where to start fixing the predicament. Arming US hospitals, clinics and doctors with basic knowledge can give them a common springboard to start changing the current environment.
Originality/value
It is clear that the problem is large and confusing. Consolidating research results seems a valuable tool to help understand what is wrong with US healthcare. This article makes a case that updating and improving the directive's ambiguous nature helps create a less frustrating US healthcare system.
Details
Keywords
Allen C. Johnston and Merrill Warkentin
The Health Insurance Portability and Accountability Act (HIPAA) is US legislation aimed at protecting patient information privacy, but it imposes a significant burden on…
Abstract
Purpose
The Health Insurance Portability and Accountability Act (HIPAA) is US legislation aimed at protecting patient information privacy, but it imposes a significant burden on healthcare employees, especially since the privacy provisions are still evolving and healthcare organizations are still struggling to meet compliance criteria. This study seeks to illuminate characteristics of both the environment (organization) and the individual (healthcare professional) and their relevant influence on compliance intentions by leveraging theories from the domains of social psychology, management, and information systems.
Design/methodology/approach
A study of 208 healthcare professionals located at healthcare facilities throughout the USA were surveyed as to their perceptions regarding HIPAA compliance and the underlying organizational and individual factors that influence said compliance.
Findings
The findings indicate that perceptions of organizational support and self‐efficacy (SE) leading to HIPAA compliance vary based on organizational and occupational characteristics. Furthermore, these perceptions of organizational support and SE explain some of the differences in their intent to comply with this legislation.
Research limitations/implications
For healthcare managers, the findings of this research may serve to validate HIPAA compliance initiatives. Through increased attention and resources dedicated to providing a supportive environment for HIPAA compliance, healthcare managers can increase the likelihood of compliance success by improving employee SE.
Originality/value
This paper represents the first empirical study to account for environmental factors and their influence on individual intentions to comply with HIPAA.
Details
Keywords
Adam Fadlalla and Nilmini Wickramasinghe
Currently the healthcare industry in the US is not only contending with relentless pressures to lower costs while maintaining and increasing the quality of service but is also…
Abstract
Currently the healthcare industry in the US is not only contending with relentless pressures to lower costs while maintaining and increasing the quality of service but is also under a stringent timeline to become compliant with the health insurance, portability and accountability act (HIPAA) regulatory requirements. Robust healthcare information systems (HCIS) become critical to enabling healthcare organizations address these challenges. Hence, it becomes an imperative need that the information that is captured, generated and disseminated by these HCIS be of the highest possible integrity and quality as well as compliant with regulatory requirements. This paper addresses this need by proposing an integrative framework for HIPAA compliant, I*IQ HCIS. It bases this framework on an integration of the requirements for HIPAA compliance, the principles of information integrity, as well as the healthcare quality aims set forth by the Committee on the Quality of Healthcare in America.
Details
Keywords
Edward Rafalski and Ross Mullner
Pairing organizational policies and procedures with data mining techniques, healthcare marketing professionals can effectively ensure compliance with the new patient privacy…
Abstract
Pairing organizational policies and procedures with data mining techniques, healthcare marketing professionals can effectively ensure compliance with the new patient privacy standards established by HIPAA. To ensure compliance, integrated data warehouses can record individual patient requests to “opt‐in” to receiving marketing materials from healthcare organizations, while those patients who “opt‐out” can be excluded from purchased or shared databases. If appropriate steps are taken, marketing professionals can continue to segment and target specific healthcare market niches using data mining techniques.
Details
Keywords
Marian Levy and Marla B. Royne
This paper aims to examine privacy breaches in personal health record information that expose consumers to unsolicited marketing.
Abstract
Purpose
This paper aims to examine privacy breaches in personal health record information that expose consumers to unsolicited marketing.
Design/methodology/approach
Examples of: data theft by healthcare workers; sale of consumer health data by entities not covered by the Health Insurance Portability and Accountability Act (HIPAA); and piracy of health data through sophisticated internet targeted marketing.
Findings
This paper finds that HIPAA's strict safeguards to medical privacy are not extended to database companies that aggregate data for electronic medical records, a source of highly profitable information that is purchased by advertisers. Similar health information is obtained by marketers through consumer “health surveys” completed on web‐based health information sites or at community health screenings.
Practical implications
Consumer education is warranted to ensure awareness of privacy breaches and vigilance against loss of personal and protected health information to marketers.
Originality/value
The paper highlights the areas for protecting consumers via identifying loopholes in HIPAA, as well as pointing out consumer behavior that can lead to subtle, yet systematic exploitation of their health information for profit via marketing.
Details
Keywords
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to…
Abstract
Purpose
Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.
Design/methodology/approach
Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.
Findings
The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.
Practical implications
The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.
Originality/value
Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.
Details
Keywords
A great concern regarding the use of data science in any field is privacy. Adequately protecting individuals from the negative effects of maliciously shared personal identifying…
Abstract
A great concern regarding the use of data science in any field is privacy. Adequately protecting individuals from the negative effects of maliciously shared personal identifying information is essential. It is however, also important to understand the positive role that protected and shared information can play. This chapter provides a basic understanding of how the concept of privacy has developed in the United States (US) and suggests that continued development of that understanding and the protections provided will occur.
Details
Keywords
Stefani M. Krall and Steven M. Cooley
There is significant documentation of fraud and abuses of consumer privacy through telemarketing activities. This led to a proliferation of legislative efforts to protect consumer…
Abstract
There is significant documentation of fraud and abuses of consumer privacy through telemarketing activities. This led to a proliferation of legislative efforts to protect consumer privacy rights in the USA. Two such federal laws, the Health Plan Portability and Accountability Act of 1996 and the Telemarketing and Consumer Protection Act of 1994 significantly improve consumer privacy protections. However, they have a negative impact on the legitimate research and customer outreach efforts of ethical firms. It is especially challenging for health care firms as personal health information is among the most highly guarded areas of privacy concern. This article describes key provisions of these laws as they relate to health care organizations. Two program examples show how one firm successfully balances effectively administering health plan operations that support customer‐focused initiatives while complying with consumer privacy regulations.
Details
Keywords
Information professionals are increasing called upon to provide access and services for information that, by its nature, must be restricted to certain uses or classes of…
Abstract
Purpose
Information professionals are increasing called upon to provide access and services for information that, by its nature, must be restricted to certain uses or classes of individuals. This paper aims to explore the six major compliance regulations in the USA that information professionals should have a basic understanding of to manage a restricted information environment effectively.
Design/methodology/approach
This paper is a general review of laws and requirements in the USA related to information security that may affect information professionals in their work.
Findings
The world of information security is complex and there are multiple laws, guidelines and standards that apply. For information professionals managing or deploying digital repositories or information archives, all of these need to be considered because plans and systems are being developed. Information professionals will increasingly be called upon to lend their expertise to emerging preservation problems related to restricted data, so understanding the basics of information security law is a requirement to successful information practice.
Originality/value
This is the first general overview of this area of information practice.
Details
Keywords
The shift from paper to electronic recording of medical records and the on-line storage of data has spawned new areas of legal liability for the healthcare industry and its…