Information Systems and Health Insurance & Accountability Act

The acronym HIPAA stands for Health Insurance and Accountability Act. The act has the mandate of establishing federal standards aimed at safeguarding the health information of individuals undergoing treatment. The information deemed private includes but is not limited to the social security numbers, images and photographs of patients, vehicle registration numbers, medical record numbers, and health plan numbers.

The standards dictate that a patient authorizes or consents to the access of protected personal medical data. Only people entrusted with the direct care of the patient should access the information. Health care providers must remain bound to the set privacy standards. With the introduction of electronic systems for managing medical records, there is the elevation of the possibility of private information exposure. Failure to adhere to set privacy standards leads to severe consequences, including job suspension and termination (“Importance of HIPAA for nurses’’, 2009, p. 14).

JCAHO is an acronym depicting the Joint Commission on Accreditation of Healthcare Organizations. The commission has representatives from the private medical center. The body aims at developing and monitoring adherence to high standards of health services provision. The body is independent of any government regulatory agencies and lacks legal enforcement power. However, JCAHO accredited health centers give the public an impression of enhanced quality. Many centers, therefore, implement the policies regardless of lack of government enforcement. The existence of the accreditation instills confidence in the public, especially in the private sector.

JCAHO compliance involves annual proactive risk assessment in an effort to monitor efficiency. Widespread compliance of health centers with JCAHO challenges government health facilities to join the campaign in order to remain competitive. Accreditation in public facilities enhances fair play with the private sector leading to overall efficiency in the delivery of health services (Myers, 2011).

The Chief Information Officers (CIOs) have the mandate of implementing electronic medical record systems. They also ensure patients receive quality service and maintain privacy. In addition, CIOs bridge the gap through which information transcends from regulatory bodies to the health care workforce. HIPAA privacy act aims at safeguarding clients’ information against unauthorized access. The Chief information officers must, therefore, remain conscious of the privacy act since failure to do so may result in breaching the act. The officer must establish a way of restricting access as well as identifying culprits who violate the privacy act.

JCAHO accreditation, on the other hand, seeks adherence to high health standards. The above bodies lie directly within the scope of the Chief Information Officer mandate. Any health Information officer must remain conscious of such bodies due to the business development opportunity made available. Lack of updated information can cause an organization to miss out on business opportunities in a competitive market (Dunford, 2009, p.4).

In one scenario, Cignet Health emerged culprit in violation of HIPAA. Cignet, a network of four outpatient clinics operating in Southern Maryland, Washington area, violated the policy triggering the department of human and health services to impose a civil monetary penalty amounting to $ 4.3 Million. Office of Civil Rights investigated the matter and proposed a monetary penalty. While investigating, OCR affirmed the allegations lodged by 41 patients previously denied access to their medical records. HIPAA act has a clause that provides patients with a right to demand copies of their medical records.

The health service provider should yield to the demand within a span of 30 days and should under no circumstances exceed 60 days. The violations occurred between September 2008 and October 2009. Further, Cignet failed to submit the records to the Office of Civil Rights during the investigation. This prompted the OCR to raise a subpoena which also faced resistance. The failure to cooperate amounted to conscious neglect to comply with the privacy rule. OCR cited that the failure prevented individuals from obtaining continuing healthcare elsewhere. This was a violation of the patients’ right to seek alternative care. Strict adherence to the privacy rule coupled with the willful release of information to investigating officers was the only way to avoid the hefty sanction imposed by OCR (Dowell, n.d.).

In another scenario, Rite Aid Corporation (RAC) and its 40 affiliations paid $ 1 Million as a settlement for violating the HIPAA Privacy Rule. Media reports triggered OCR to action due to claims of failure to safeguard customer privacy. The media reported incidences in various cities across the United States where pharmacies disposed pill bottles with labels exposing the health information of customers. The HIPAA guidelines do not condone the disposal of health information in an industrial trash can. When disposed of publicly, the health information is accessible to unauthorized people. Such a violation exposes an individual to a risk of identity theft.

The incident also exposed possible violations of the Federal Trade Commission Act (FTC). OCR conducted the investigation in conjunction with Health and Human Services acting on behalf of FTC. Lack of proper training of the employees in matters concerning HIPAA privacy rule, failure to implement adequate policies and procedures, and poor maintenance of employee sanctions policy formed the principal part of the failure to comply. Rite Aid Corporation agreed to implement a corrective action involving revision and distribution of its disposal policies, training of the workforce, carrying out internal monitoring, and engaging third-party audits on compliance under the directive of Health and Human Services (Dowell, n.d.).


Dowell, M.A. (n.d.). Compliance Program Implications of Recent HIPAA Privacy Enforcement Activities. Web.

Dunford, M. (2009) Viewpoints from Leading Healthcare Chief Information Officers; Facts, Priorities, Salaries and Advice to Future CIOs. Web.

Myers, S. (2012). Patient safety and hospital accreditation: A model for ensuring success. New York: Springer Pub. Co.

The Importance of HIPAA for Nurses. (2009) Arizona State Board of Nursing: Regulatory Journal 4(3). Web.

Find out your order's cost