| The purpose of this research was to evaluate the United States' process for guaranteeing healthcare professionals and hospitals adhere to patients' rights to privacy law. The main issue discussed is the effectiveness of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The policies that are in place by HIPAA also protect personal health information (PHI) within electronic healthcare record (EHR) systems, as required under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The impact of individual PHI loss includes identity theft, fraud, and blackmail. The impact of data breaches causes financial impact on both the patient as well as the healthcare industry, which includes hospitals, physicians' offices, healthcare insurance companies, and pharmacies. The Department of Health and Human Services (HHS) created a three-phase process and recommends those healthcare organizations that would like to implement an EHR system to follow these steps to help minimize the risk to PHI, provide quality healthcare, and ensure privacy and security measures are being followed under HIPAA. Encryption of all PHI data should occur to all parties including federal government websites to help reduce risk of PHI data and to have better security and privacy of this information. This research determined that initial, remedial, and ongoing training on EHR systems is critical to the success of protecting PHI.;Keywords: Cybersecurity, Professor Cynthia Gonnella, Privacy, Risks, Data Breaches, Meaningful Use. |
