Failure to treat Patients in Timely Manner
To protect the safety and privacy rights of patients, several federal and state laws have been enacted. These laws specifically instruct health care organizations to ensure the legal rights of patients. This paper discusses the legal provisions, endorsed by federal and state governments, that patients can rely on to secure their rights.
Official Titles of Federal and State Laws
Two specific federal and state statutes that ensure patients’ legal rights are the Health Insurance Portability and Accountability Act (HIPAA) and the Confidentiality of Medical Information Act (CMIA), respectively. Both guarantee patients’ legal rights, which healthcare organizations are to promote.
Health Care Organization’s Obligations to meet Patients’ Legal Rights
The HIPAA maintains the privacy, confidentiality, and security of patient health information. The Act gives patients authorization over the disclosure of their protected information and the right to obtain copies of their personal medical information, including submitting revisions if they disagree with the information in their medical records (Kattan, 2009). It also requires strict privacy of patients’ medical records, the violation of which is subject to legal proceedings. The HIPAA encouraged the establishment of the NIST/URAC/WEDi Healthcare Security Workgroup, which aims to facilitate communication and harmony concerning best practices for consolidating information security in healthcare and to advocate a uniform approach to security practices and assessments (Sharma, 2005). The HIPAA Privacy and Security Rule, enforced by the Office for Civil Rights (OCR), covers the inquiry into and resolution of patient privacy complaints and the investigation of violations of protected health information (PHI) (Hersh & Hoyt, 2018). In short, the HIPAA not only upholds the portability of health information but also codifies the fulfilment of patient rights.
California’s CMIA grants patients special civil and criminal protection against the disclosure of medical information. It covers pharmaceutical companies and obliges them to maintain strict confidentiality of patients’ medical records and to seek special permission to reveal medical information (Roach, Hoban, Broccolo & Roth, 2006). The Act requires employers who obtain medical information to preserve the confidentiality of that information and to take steps against its leakage. As Saviano (2008) noted, the CMIA protects patient privacy and confidentiality by regulating the uses and disclosures of various types of medical information. The CMIA is one of the landmark privacy laws that restrict the use and disclosure of mental health records. A healthcare provider or healthcare organization that violates the CMIA would have to face penalties.
Consequences of Non-Compliance with HIPAA and CMIA
Healthcare organizations should be on guard by initiating proactive measures to prevent privacy and security issues. They should realize the consequences of not implementing adequate privacy and security programs and non-compliance with regulatory obligations. The legal and regulatory provisions entail specific penalties and fines for the breach of the Acts.
Legal Obligation of HIPAA and Associated Consequence and Real-Life Case in Violation of Act
The central goal of HIPAA is to ensure legal safeguards against the unacceptable use and disclosure of personal medical information, which covers all medical records and recognized health information in digital, written or oral formats. The legal provision insists on creating appropriate accommodations to secure patient privacy and on adopting reasonable protections to prevent the outflow of information. All patient information is confidential, and the healthcare organization should shield the protected health information of individuals.
HIPAA requires strict privacy of patients’ medical records, the violation of which is subject to legal proceedings. The consequence for violation of this legal requirement involves civil monetary penalties for non-compliance, capped at $25,000 per person per year for each provision violated, and the imposition of criminal penalties for specific wrongful disclosures “up to $50,000 and one year in prison for intentional disclosures and up to $250,000 and ten years in prison for disclosure with intent to sell the data” (Marcella & Stucki, 2003, p. 310).
A real-life case scenario that exemplifies non-compliance with the legal provision of HIPAA is the case of Anonymous v. Chino Valley Medical Center, San Bernardino County, California Superior Court (1997). In this case, a 35-year-old disabled inpatient was administered a blood test for human immunodeficiency virus (HIV) (Lippincott, 2004). The patient asked the physician not to disclose the reports of the test to anyone except him. However, one nurse and one physician disclosed the test results to the patient’s sister. The nurse denied the disclosure of information and no actions were taken against the doctor. A trial court imposed a $5,000 statutory civil penalty against the medical center (Lippincott, 2004).
Legal Obligation of CMIA and Associated Consequence and Real-Life Case in Violation of Act
The CMIA forbids the healthcare provider from publicizing medical information without obtaining a written authorization, specifically regarding the patient’s participation in outpatient treatment with a psychotherapist.
Non-compliance with the legal provision to obtain patient authorization, or failure to maintain the security of information, leads to significant penalties. Solove and Schwartz (2014) pointed out that harmless divulging of medical information could lead to nominal damages of up to $1,000. The CMIA provision also imposes fines and civil penalties.
In 2014, Stanford Hospitals & Clinics, along with two of its vendors, was involved in litigation and settled a CMIA class action lawsuit for $4.1 million (Solove & Schwartz, 2014). One of the two vendors leaked out the creation of a graphic regarding 20,000 patients and the other business associate posted the information on a public website for a year until it was detected by a Stanford patient (Solove & Schwartz, 2014). After two years of litigation, Stanford settled the dispute with its vendors paying $3.3 million.
Protecting patients’ medical information is of paramount importance for healthcare organizations; failing to do so, they not only face penalties but also put their reputation at stake. The federal and state legal statutes have played leading roles in assuring the sanctity and inviolability of medical information. The HIPAA and CMIA legislation have potentially preserved patients’ health records by shielding them from inappropriate disclosure through stringent legal provisions. Healthcare organizations should be cautious to protect patients’ protected medical records.
Hersh, W. R., & Hoyt, R. E. (2018). Health Informatics: Practical Guide Seventh Edition. Lulu.com.
Kattan, M. W. (2009). Encyclopedia of medical decision making (Vol. 1). Sage.
Lippincott, W. (2004). Wilkins. 2004. Complete guide to documentation.
Marcella Jr, A. J., & Stucki, C. (2003). Privacy handbook: guidelines, exposures, policy implementation, and international issues. John Wiley & Sons.
Roach, W. H., Hoban, R. G., Broccolo, B. M., & Roth, A. B. (2006). Medical records and the law. Jones & Bartlett Learning.
Saviano, E. (2008). Maintenance and disclosure of mental health records in the primary care clinic setting.
Solove, D. J., & Schwartz, P. (2014). Information privacy law. Wolters Kluwer Law & Business.
Sharma, S. K. (2005). Creating knowledge-based healthcare organizations. IGI Global.