Administrative Ethics HIPAA Rules


Healthcare professionals are guided by laws and ethical codes of conduct that protect them from unethical and legal issues. Ethical guidelines are provided by legislation or by professional bodies that formulate codes of conduct. For example, the Health Insurance Portability and Accountability Act (HIPAA) is legislation that enhances the protection of clients’ confidentiality and health care information (Lubell, 2015). This paper will analyze the article “HIPAA gets tougher on physicians” with a focus on the impact of non-compliance with HIPAA provisions on patients.

HIPAA rules and their impact on patients

The article “HIPAA gets tougher on physicians” was authored by Jennifer Lubell and published by the American Medical News on February 4, 2013. Lubell discusses how HIPAA rules have been advanced over time in order to contain the escalating risk of losing personal data from the databases owned and managed by different health care facilities. The rapid technological advances achieved in the health care sector have come with an equal share of challenges, as patients’ data has become more vulnerable to unauthorized access. To this end, the stakeholders in the health care industry have been trying to amend HIPAA rules with the objective of addressing emerging challenges and pushing health care practitioners to ensure that clients’ personal information is protected.

The need for changing the HIPAA rules has been necessitated by the fact that the current rules have been ineffective. This is confirmed by the fact that data breaches in the health care sector have been increasing along with technological advances. The lenient rules have led physicians to relax and fail to take all the necessary measures to protect patients’ information from unauthorized access. Consequently, the identities of many patients have been stolen by people who are able to access their personal information (including their names and social security numbers) from negligent physicians and other practitioners. People who illegally acquire a social security number from patient records can use it to steal the patient’s benefits, commit a crime using the stolen identity, file for fraudulent tax refunds, access medical care, and open financial accounts (DiGangi, 2015).

Arguments that support the projected solution

Lubell proposes a change in HIPAA rules to ensure that health care professionals who subject patients to the risk of losing their privacy are fined heavily. Lubell believes that health care professionals fail to apply the standard measures (such as encrypting electronic data records) because the existing laws are too lenient to contain this negligence. Lubell argues that the previous set of HIPAA rules gave a lot of discretion to leaders of health care facilities to determine when patients and government agencies should be notified about a data breach. For example, health care facilities were expected to assess the potential impact of the data breach on patients and notify them only if they perceived that the impact of the breach would be significant.

The revised rules require healthcare professionals to notify the affected patients irrespective of the magnitude of the data breach. In addition, Lubell argues that increasing the maximum fine that a provider can be charged from $25,000 to $1.5 million per calendar year will force providers to be more conscious and take patients’ privacy more seriously. However, Lubell asserts that HIPAA can work if the strict rules are well communicated to the stakeholders. For example, displaying the strict rules in prominent places (such as doctors’ offices and websites owned by hospitals) where health care providers can see them more frequently will enhance compliance.

Ethical and legal issues reported for non-compliance with the HIPAA rules

Failure by health care providers to comply with the HIPAA rules is a significant ethical issue in the health care industry. This is because non-compliance puts patients’ privacy at stake, since their personal information can easily get into the hands of criminals. The American Medical Association Code of Ethics requires all health care professionals to safeguard clients’ privacy and confidence within the constraints of law (AMA, 2015). Therefore, negligent health care professionals who fail to protect patients’ information breach the code of ethics that guides their practice.

Cases of data breach, especially those that result from negligence, lead to litigation being filed against health care professionals. Professionals who subject patients’ information to unauthorized access should be sued and fined up to $1.5 million under the current HIPAA rules (Lubell, 2015). Therefore, professionals who fail to comply with HIPAA end up in conflict with codes of ethics and the judicial system.

Managerial responsibility in enhancing compliance with HIPAA

All managers of health care facilities have a role to play in ensuring that all provisions of HIPAA are followed. The human resource manager should organize training for all health care professionals on the new HIPAA provisions (Find Law, 2015). The hospital administrators and supervisors should ensure that HIPAA rules are posted in prominent locations in order to help them read the rules frequently and enhance compliance. The chief finance officer should provide adequate resources for successful training of employees on HIPAA rules and finance all operations that are intended to enhance professionals’ compliance with provisions of HIPAA. The top management (including the CEO) should play the role of encouraging and motivating health care employees to learn about and comply with provisions of HIPAA. The concerted efforts of all managers in ensuring that provisions of HIPAA are followed by all health care providers can reduce ethical as well as legal issues that result from negligence.


Lubell proposes an increase in enforcement of HIPAA rules. This is based on the notion that the existence of strict laws without effective enforcement will make no difference. Law enforcers (including police officers) should also be acquainted with HIPAA rules in order to help them detect cases of non-compliance and take the necessary legal actions. Effective law enforcement may also require both internal and external whistleblowers, since most health care providers do not reveal data breaches in order to avoid a negative effect on their image.

In conclusion, non-compliance with HIPAA rules subjects clients’ personal information to the risk of being accessed by unauthorized persons. Criminals who steal patients’ personal information can use it to accomplish their criminal objectives. Health care professionals who fail to comply with HIPAA rules breach their ethical codes of conduct and can be sued for negligence. Cases of data breach have been increasing with time because HIPAA rules have been lenient for a long time. Therefore, reforming HIPAA provisions can create a platform for addressing privacy issues in the health care industry. However, the strict rules must be followed by effective enforcement.


American Medical Association (2015). Principles of medical ethics. AMA. Retrieved June 27, 2015, from

DiGangi, C. (2015, February 17). Five things an identity thief can do with your security number. Better Financial Decisions. Retrieved June 27, 2015, from

Find Law (2015). HR’s role in HIPAA security compliance. FindLaw. Retrieved June 27, 2015, from

Lubell, J. (2015, February 4). HIPAA gets tougher on physicians. American Medical News. Retrieved June 27, 2015, from