Although President Obama’s executive orders address gun control, seven out of the twenty-three cover mental health reporting. Out of the seven orders, order number two has a direct impact on HIPAA and the security of healthcare information as a whole.
The seven Executive Orders that touch mental health reporting include:
2. Address unnecessary legal barriers, particularly relating to the Health Insurance Portability and Accountability Act (HIPAA), that may prevent states from making information available to the background check system.
14. Issue a Presidential Memorandum directing the Centers for Disease Control to research the causes and prevention of gun violence.
16. Clarify that the Affordable Care Act does not prohibit doctors asking their patients about guns in their homes.
17. Release a letter to health care providers clarifying that no federal law prohibits them from reporting threats of violence to law enforcement authorities.
20. Release a letter to state health officials clarifying the scope of mental health services that Medicaid plans must cover.
21. Finalize regulations clarifying essential health benefits and parity requirements within ACA exchanges.
22. Commit to finalizing mental health parity regulations.
Although the orders are understandable from one side of the glass, the other side argues that healthcare facilities and their medical specialists can no longer maintain the privacy of their patients. It would seem that most of what stands behind a good information security system, and the effort to avoid leaks or breaches, is weakened.
At the moment, the HIPAA Privacy Rule sets rules and limits on who can access personal healthcare information (PHI). Access is limited exclusively to health professionals, and only for the benefit of a patient's effective and good medical care (treatment). Executive Order number two alone makes it impossible to fully secure patient data by overstepping the HIPAA law through the implementation of a nationalized central background check system accessible by the government.
The Executive Orders presented by President Obama will affect PHI security if implemented. Health facilities, executives, medical professionals and citizens (patients) need to be concerned and stay alert to developments. Furthermore, although the government may have access to PHI, this doesn't mean healthcare facilities don't have to comply with HIPAA and HITECH. Ensuring compliance and the security of PHI includes conducting regular risk assessments and having an information security plan in place. The Office of Civil Rights (OCR) is still auditing, so taking the necessary steps to prevent PHI breaches and meet regulatory compliance is still a must.
Being aware of the Executive Orders and their effect on who can access private health data, while having an information security strategy in place, makes healthcare executives and CIOs successful in protecting their facility's proper function and their patients. Organizations avoid data breaches, don't fail audits, and continue to provide patients with the sense of security individuals want when entrusting the management of their personal medical data.
All worries and headaches regarding healthcare information security obligations and risks are resolved, leaving room for other important leadership tasks and decisions.
Photo Courtesy of The U.S. Army