Translate

Tuesday, June 10, 2014

The Importance of Hippa and Ferpa to Human Services - and the consequences of violations.


Brief History
Hippa was passed in 1996 for various reasons. Two important ones were
1. Congress recognized the need for privacy and security standards and the potential for abuse and compromise due to electronic medium such as email and social networking that was fast emerging.
2. Before Hippa, there was no Uniformity and rules varied from by state and organization. There was confusion as to which rules were applicable. The following are a few of the highlights in Hippa News[i] over the last decade, this is not an exhaustive list:
·       January 1, 2012 - HIPAA X12 standards Version 5010 compliance date. These standards are for the electronic transmission of certain health care transactions. Health care providers, health plans, and clearinghouses are required to conform. These standards are necessary to prepare for the implementation of ICD-10-CM scheduled for October 1, 2013.
·       May 23, 2008 - National Provider Identifier Compliance Deadline for Small Health Plans and the end of NPI Contingency Period.
·       April 21, 2005 - Security Compliance Deadline.
·       July 30, 2004 - Standard Unique Employer Identifier compliance deadline.
·       October 16, 2003 - Transaction and Code Sets - expected date of compliance for small health plans and covered entities that filed a compliance plan to delay implementation.
·       April 14, 2003 Privacy compliance deadline.
·       February 20, 2003 - Security Standards published.
·       February 20, 2003 - Modifications to Transactions and Code Sets Regulation and Implementation Guide Addenda Published.
·       October 16, 2002 - Transaction and Code Sets - expected date of compliance for covered entities that did not file a compliance plan to delay implementation.
·       August 14, 2002 - Final modifications to the Privacy Rule published.
·       May 31, 2002 - CMS announced the adoption of the EIN as the standard unique identifier for employers in the filing and processing of health care claims and other transactions.
·       December 28, 2000 - Privacy Final Rule Published.
·       August 17, 2000 - Transaction and Code Sets Final Rule Published.
·       August 21, 1999 - Deadline for Congress to enact legislation governing the privacy of individually identifiable health information standards. Because Congress failed to meet the deadline, HIPAA requires the Secretary of Health and Human Services to promulgate such standards by regulation.
·       November 3, 1999 - Privacy NRPM (Notice of Proposed Rule Making) published.
·       August 12, 1998 - Security NRPM published.
·       June 16, 1998 - National Employer Identifier NRPM published.
·       May 7, 1998 - National Provider Identifier NRPM publishedTransactions and Code Sets NRPM published.

Ferpa, also known as The Family Educational Rights and Privacy Act was signed into law by President Gerald Ford in 1974. Whereas Ferpa protects the privacy of student records Hippa protects the privacy and security of a patient’s health records and information.
Congress has amended FERPA a total of nine times in the nearly 28 years since its enactment, as follows[ii]:
·       P.L. 93-568, Dec. 31, 1974, effective Nov. 19, 1974 (Buckley/Pell Amendment)
·       P.L. 96-46, Aug. 6, 1979 (Amendments to Education Amendments of 1978)
·       P.L. 96-88, Oct. 17, 1979 (Establishment of Department of Education)
·       P.L. 101-542, Nov. 8, 1990 (Campus Security Act)
·       P.L. 102-325, July 23, 1992 (Higher Education Amendments of 1992)
·       P.L. 103-382, Oct. 20, 1994 (Improving America's Schools Act)
·       P.L. 105-244, Oct. 7, 1998 (Higher Education Amendments of 1998)
·       P.L. 106-386, Oct. 28, 2000 (Campus Sex Crime Prevention Act)
·       P.L. 107-56, Oct. 26, 2001 (USA PATRIOT Act of 2001)

      Hippa and Ferpa are important Federal Laws and fall under Civil Rights category. Any report of breach in security or confidentiality reported to the Federal Government is administered by the OCR (Office of Civil Rights. As mentioned earlier, there was no standard procedure for monitoring and protecting patients and students privacy. Congress enacted Hippa to improve the efficiency and effectiveness in the electronic standards of health transactions and to protect the privacy and security of patients.

Ferpa on the other hand protects the privacy of student records in those schools that receive Federal Funding under programs administered by the United States Dept. of Education. This would include public schools, medical and other professional schools. Institutions are not allowed to share any personally identifiable or educational records without the students or parents consent. Private and religious schools are generally exempt from Ferpa.

Hippa and Ferpa are very important in the Human Services field for many reasons. On a personal level, I can say that they facilitate some level of trust between a patient/student and the institution that possesess such records. In this current era of identity theft, stalking, and other criminal activity, it becomes important to secure and protect the privacy of clients who are entrusting a human services worker with their life’s history.  Breaking that trust is detrimental to the whole meaning of the word service connected with the word human. We are attempting to serve human beings who are often vulnerable, for instance, an abused woman. It is crucial to keep that type of clients’ information secure and private lest their address becomes public knowledge.

Violations have happened and the fines can be quite steep from losing one’s job to actual imprisonment. One example of a violation involves the social network FaceBook. A group of 13 emergency workers started a page with good intentions to just talk about the day’s activities. However, as is often the case on social networks, people forget that it is not a very private medium and that it is in fact very public. People let their guard down and divulge frustrations related to the days dealings with their clients. That is exactly what happened with this group on FaceBook and they were fired. The hospital reasoned that anyone who had access to the page could put enough information together to identify patients.

If your employer does not have a counseling program set up in house, then perhaps you may want to suggest one. Employees need a place to safely vent their frustrations and learn some techniques in dealing with the stresses that accompany a human service workers job. Expecting employees to “just handle” the public is unrealistic and counter-productive to providing service to the public. Also remember that talking about your clients outside of work, no matter how rude and belligerent they behave, betrays trust and can cost your job or career. In a worst-case scenario, it can land you some jail time. One of the best bits of advice is from an ancient proverb, “Do to others as you would have them do to you.” Remember, you are not only a public servant while on the job; when you leave the office; you become part of the public. If you had to go to your office to obtain help, how would you want to be treated?  How would you want your records taken care of? Someone in an office is probably processing some record of yours perhaps your doctor, lawyer, college, or your dentist.

Hippa and Ferpa are in place to insure that our information remains private. That includes becoming a verbal vault that safeguards the public’s privacy. As a social worker/human services worker, we have a solemn duty to honor those that depend on us for help when they are often in a crisis emotionally and physically.



[i] All Things Medical Billing ( 2012). History of HIPAA. ONLINE] Available at: http://www.all-things-  
  hipaa.html. [Last Accessed January 30, 2013].
[ii] U.S. Department of Education (Last updated June 2002). Legislative History of Major FERPA
  Provisions. [ONLINE]    
   Available at: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/leg-history.html. [Last Accessed January
   31,2013].