The Health Insurance Portability and Accountability Act was established in 1996 to help employees move health insurance plans between employers. Since then, it has been adapted to cover all aspects of health-related privacy, specifically maintaining the integrity of a patient’s protected health information (PHI).
Why is it important to protect privacy?
There are many aspects of patient privacy that are important. Unfortunately, some healthcare conditions – particularly ones relating to sexual health – are still stigmatized by society. Thus, if a person’s health information is shared with unauthorized personnel, it can have serious social consequences for them. In other instances, it is about preserving human dignity – there has been a shocking spate of recent cases where nurses’ aides were caught sharing photos of incontinent or undressed patients on social media. Because such actions are legislated against, those responsible will face consequences. Those consequences can, in turn, deter others from carrying out the same actions.
Why target health data?
Aside from the affront to their human dignity, unlawful access to PHI has other consequences for the patient. Healthcare data has a huge value on the black market (with a single file of PHI potentially reaching $20,000). This means that it is a target both of cyberattacks and of employees hoping to profit from the information. HIPAA requires that all healthcare data is encrypted, reducing the likelihood that it can be accessed and read in the event of a cyberattack.
Healthcare data is so valuable because it usually contains a lot of individual pieces of information – as well as names and addresses, it usually has Social Security Numbers, claims information and details on financial accounts. These pieces of information can be hard to change or cancel, so even if a HIPAA breach has been detected, the information is still “valid” for a longer period than, say, credit card details.
If such data has been accessed or sold, it can then be used to commit fraud. In the healthcare industry, this can mean claiming treatment on someone else’s insurance or even illegally getting restricted drugs via their prescriptions. All can have devastating consequences for the victim. Until it has been proven to be fraud, their insurance premiums will increase and it will be harder for them to access prescriptions in the future.
The data from different PHI files can also be combined to create a new identity. This, again, can hugely complicate the lives of victims as they may receive bills or even court notices intended for their impersonator.
Unfortunately, as PHI has such a high value, patients are increasingly put at risk from cyberattacks or even malicious employees intending to sell their data. This can lead to healthcare fraud, making it difficult for patients to buy insurance or get treatment in the future, or other financial fraud. However, there are also social consequences of unlawful sharing of PHI. Patients may be stigmatized because of their condition, or humiliated by ignorant employees on social media. HIPAA is in place for a reason – to protect patient privacy. All healthcare workers should be made aware of its importance, both from a social and economic perspective.