Legal Aspects of Health Information Management

The survival of Health care organizations relies on a wide range of factors where the patient information constitutes the superior position and challenging task to the medical professionals. The intervention of authorities and governing bodies have contributed to the development of certain laws to secure patient information to maintain their privacy or confidentiality. So, the present description is concerned with highlighting the legal aspects of health information management in a similar context.

Previously, medial values were reported to be largely influenced by the purity of the doctor/patient relationship, the confidentiality of the communication between the physician and the patient, and production and maintenance of an accurate medical record (Wernert, 1995).

The increasing requirements of payers, the providers, and the patients have led to the development of computerized patient records that were believed to store large amounts of information and handle the data more efficiently. But there were concerns that it could hurt the patient’s privacy and right to confidentiality (Wernert, 1995). There was no comprehensive federal legislation dealing with the privacy of a citizen’s electronic medical record.

The suggested remedy for this problem was to inform the patients about the drawbacks of security measures and to warn them of the threats involved in the maintenance of confidentiality of the medical record (Wernert, 1995).

With the advent of internet technology, the maintenance of patient records has become much more feasible through internet-based health-record management (Choe & Yoo, 2008). The prerequisites for this approach were strong data protection to prevent privacy intrusion and unauthorized access, the introduction of a common healthcare-record format to allow cooperation using heterogeneous repositories held at various hospitals (Choe & Yoo, 2008). It enables a secured communication between various health repositories with different formats and different hospital policies.

As such, patients or the authorized clients could retrieve the pertinent healthcare data in an XML-based common data format with confidentiality (Choe & Yoo, 2008).

Therefore, this approach is secured and useful for cooperative healthcare and the creation of lifetime healthcare records. This has strengthened another report that emphasized the utility of Internet protocols, particularly Hypertext Transfer Protocol (HTTP) (Herrin & Dempsey, 2008).

It was described that World Wide Web (WWW) could provide a reliable, broadly distributed database framework with the minimum threat to security and confidentiality of patient data (Herrin & Dempsey, 2008).

However, there may be a need to take precautionary measures as it could carry additional risk of security violations due to web-enabling a database. This may indicate that an online system of maintaining patient records has both benefits and limitations. Therefore, modern technologies currently in practice in various hospitals may need urgent attention.

Further, there could be chances of legal risks connected with the patient record maintenance and there is a need for the doctors to protect themselves to keep off from the patients who turned out to be better educated and more assertive than ever before (Bernoni & Leeuw, 2008). This could prompt the handling of every patient record as if it could be summoned to a courtroom and scrutinized by an attorney, judge, or jury (Bernoni & Leeuw, 2008).

So, in order to withstand any likely future clinical and legal problems, totally accurate, objective, and honest patient records are the only alternatives (Bernoni & Leeuw, 2008).

This way of maintaining patient records may have future implications as it would hopefully promote greater patient understanding of their rights and privileges to their records (Bernoni & Leeuw, 2008). A contribution from regional health care centers was reported to influence the quality of healthcare through the collection, analysis, and dissemination of information about chronic diseases (Boyens, Krishnan & Padman, 2008).

This could be possible from the participation of several organizations such as insurers, physicians, hospitals, pharmacies, and labs which could collect and maintain data for the purpose of an efficient healthcare delivery (Boyens, Krishnan & Padman, 2008).

Here, mediators were supposed to play an important role by creating and releasing the health reports after raw data gets generated. The data would be concerned with the privacy problems that arise in the healthcare context with regard to the linkage of information about patients, physicians, and diseases (Boyens, Krishnan & Padman, 2008).

This may indicate that much of the reliable patient information remains with the regional health care centers and it is their responsibility to modulate the strategies to protect patient privacy. Hence, such organizations should be kept under close surveillance by the authorities who value patient privacy.

The process of ensuring privacy to patient records was streamlined by a privacy regulation issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Walker, 2002). Earlier many health is organizations including dental schools, were made to fulfill the numerous requirements described within the administrative simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Walker, 2002). This could act regulate the management of health care transactions while protecting the privacy of certain written, oral, and electronic patient information. Five stages have been proposed that could help dental schools to abide by the HIPAA policy (Walker, 2002). The first stage requires the selection of a HIPAA task force, the second stage would verify the current states of confidentiality and security, manages the electronic transactions standards, and composes a gap analysis. The third stage was intended for studying the risk analysis in management (Walker, 2002).

The fourth stage includes technical modifications, policies and procedures, legal input, and training. The fifth stage would address the maintenance of the implementation (Walker, 2002). Although these stages were highlighted with regard to the dental schools, it is reasonable to assume that they could be equally applicable for other departments of health care organizations.

This act was reported to have a significant role in the conduct of clinical research in the United States. (Nosowsky and Giordano, 2006).Although it has some limitations, revisions have been made to better educate the health care providers and researchers about its requirements.

This could make an individual develop an interest in privacy protection equally with the public interest in gaining knowledge through biomedical research with the hope of correcting the pitfalls in the system (Nosowsky, & Giordano, 2006). The actual challenges of HIPAA were to restructure the insurance market and ensure a smooth healthcare administrative process.

In addition, other major health care issues such as security, privacy, and patient confidentiality were undertaken by HIPAA (Banks, 2006). The introduction of 400 different formats and the Final Rule for Standards for Electronic Transactions and Code Sets by the Secretary of Health and Human Services (DHHS) has further refined the policies of HIPAA. This permitted HIPAA to offer a more efficient and reliable means of sharing and disseminating crucial healthcare information (Banks, 2006). However, it was revealed that many health care providers were not fully compliant with the security and privacy regulations mandated by HIPAA and the maintenance of standards was considered to be a financial task in the health care industry (Banks, 2006). Therefore, there is a need to overcome the issues relevant to the implementation and management of HIPAA.

Since the management of health care information was better connected to the hospital governing boards and medical staff, their interdependent, independent, and discordant relationships were reported to contribute to a failure in providing quality and patient-centered care. Although some case laws revealed the association between the governing boards and poor quality of patient care, problems continued to exist due to the misuse of healthcare services by oversight (Marren, Feazell, & Paddock, 2003). So, there may be a need for legislation that should emphasize various health care constituencies to develop awareness about these cultural impacts that would facilitate integration among multidisciplinary bodies, board leaders, and direct authorities for quality information (Marren, Feazell, & Paddock, 2003).

However, it is reasonable to mention that the management of health information is associated with the patient’s rights. As such, they have a right to anticipate that their personal information would remain confidential when they consult a registered practitioner (Mair, 2008). In contrast, the situation might vary when the patient consults a doctor. This could be due to the fact that the ownership of medical records created by that doctor would be in question when the doctor leaves the business (Mair, 2008). Hence, privacy legislation should be able to resolve the disputes emanating from the disparities in the management of health information concerned with the patient’s profile (Mair, 2008).

In view of the above sources, it could be inferred that health information management has a huge role to play to influence the quality of health care. Patient information was considered to be a foremost challenging task due to the ever-growing threats, negligence, and disputes that are supposed to interfere in all aspects of their life. It is time for the legislation to act stringently against the errors, spontaneous or artificial, that have become overgrown in the health care industry.


  1. Wernert, J.J. (1995). Maintaining confidentiality of computerized medical records. Indiana Med, 88, 440-4.
  2. Choe, J., & Yoo, SK. (2008). “Web-based secure access from multiple patient repositories.” Int J Med Inform, 77, 242-8.
  3. Herrin, J., & Dempsey, B.J. 3rd. (2000). Web-enabled medical databases: a threat to security? Methods Inf Med, 39,298-302.
  4. Bernoni, L., & Leeuw, W. (2008). Maintaining proper dental records. Dent Assist, 77, 6-8.
  5. Boyens, C., Krishnan, R., Padman, R. (2004). “Privacy-preserving data releases for health report generation.” Stud Health Technol Inform, 107, 1268-72.
  6. Walker, R. A. (2002). HIPAA strategy for dental schools. Dent Educ, 66, 624-33
  7. Nosowsky, R., & Giordano, T.J. (2006).The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule: implications for clinical research. Annu Rev Med, 57, 575-90.
  8. Banks, DL. (2006). The Health Insurance Portability and Accountability Act: does it live up to the promise? J Med Syst 30, 45-50.
  9. Marren, J.P., Feazell, G.L., Paddock. M.W.(2003). The hospital board at risk and the need to restructure the relationship with the medical staff: bylaws, peer review and related solutions. Ann Health Law, 12, 179-234.
  10. Mair, J. Privacy laws: who owns information compiled as part of a business? HIM J, 37, 55-7
Find out your order's cost