

In this chapter, you will learn to

  • Recognize unique legal issues in healthcare information protection

  • Identify applicable regulations that govern healthcare information privacy and security

  • Comprehend the relationship between regulations and internal organizational guidance

  • Appreciate governance frameworks to manage internal organizational policies

  • Be introduced to international regulatory controls for privacy and security

  • Review transnational and cross-jurisdictional issues related to information sharing

The importance of applying the proper privacy and security controls on healthcare information is probably exemplified best by the level and gravity of the regulatory environment that shapes all we do. Our efforts are deliberate and directly linked to numerous standards. From the most local policies and procedures to global practices, our work is not left to chance. Our starting point in understanding this regulatory environment is to introduce the governing process from a practical perspective. This chapter focuses on how standards apply to your organization and how they coincide with national and international standards.

Applicable Regulations

It's important to understand a few of the applicable regulations that govern healthcare. From a practical standpoint, you are most likely to need to know the local policies and procedures that govern your organization. However, you are well served to be aware of the national and international laws that shape those policies and procedures at the local level. Within the United States, state and local regulations may be even more important than the national regulations. For instance, Massachusetts has privacy laws that apply to healthcare delivered to Massachusetts residents. What follows is an overview of the pertinent higher-level regulations you need to know.

Legal Issues

The healthcare industry is highly regulated. In the United States, it is regulated at the local, state, and federal levels by rules that are often specific to healthcare. For instance, you are familiar with the Health Insurance Portability and Accountability Act (HIPAA) and the rules and amendments built on it: the Privacy Rule, the Security Rule, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the recent Omnibus HIPAA Final Rule. There are also numerous individual state medical privacy laws. However, healthcare organizations must also comply with regulations that apply across other industries, such as the Gramm-Leach-Bliley Act (GLBA) and the Red Flags Rule administered by the Federal Trade Commission (FTC).

Internationally, much of the regulation of healthcare is found in privacy and security directives that extend across all industries. Some have specific mentions and guidance for healthcare. In general, the international view treats safeguarding an individual's identifying information as a human right, so every industry is held to a high but universal standard. Examples of these are the European Union's Data Protection Directive (DPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Australia's Privacy Amendment (Private Sector) Act 2000. In the following sections, we discuss some of the most important areas where legal issues pertain ...
