Complying with Health Care Law

Identify a health care law that you must uphold and comply with in your work setting or industry, such as HIPAA, for example. Consider your role as a health care leader with respect to accountability from individual, organizational, legal and regulatory perspectives. Research the Capella University Library, your course texts, or the Internet for resources that might be applied to manage the requirements of the law. You might wish to include frameworks for decision-making models and risk management or compliance related tools, such as the Framework for Information Assurance Policy Compliance, found in one of your readings from this unit.

In your post, clearly and succinctly state the law and the problem. Integrate concepts from the course regarding: Applicable legal and regulatory considerations, institutional policies and procedures, and industry or professional guidelines, standards, or concepts which may apply. Exemplary posts will be succinct, state the problem, cite the model utilized, provide bullet point or other summary recommendations, and include references cited using the APA Style and Formatting guidelines.

Response Guidelines

Respond to the posts of at least two of your classmates, providing your observations and analysis of their chosen tool or model. Responses should be 250–500 words in length and include a minimum of four credible references, cited using the APA Style and Formatting guidelines.

Complying With Health Care Law


A law passed by the United States Congress in 1996 titled The Health Insurance Portability and Accountability Assurance Act (HIPAA) outlined the ability for citizens to continue health coverages when they lose or change their job without health disposition discrimination, put provisions in place to standardize billing processes and reduce fraud, and required the protection of confidential health information by not disclosing any identifying patient information (Hammaker, 2011).

The HIPAA Privacy regulations require us as healthcare providers to ensure the protection of health information (PHI) with staff and business associates by way of education, developing policies and procedures and holding employees and business associates accountable to this. In scope for this expectation is oral, paper and electronic information. The rule outlines that only the minimal amount of information needed is to be shared with the receiving party as to protect the patient privacy (HHS, 2014).

It is the obligation of a health care provider to disclose any HIPAA violations to the victim/patient as well as to self-report to all applicable state or federal agencies. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires health care providers to make a disclosure following any breach of PHI.

If a patient suspects a violation of their PHI, they can file a complaint with an organization's Compliance Officer and/or the Office of Civil Rights under the Department of Health and Human Services. It is within the scope of responsibility of the Compliance Officer to lead an organization to HIPAA compliance, guiding policy and education within the organization (Carroll, 2012).

Healthcare law and policy alone will not assure this compliance. Research demonstrates that a person's propensity to behave in compliance with HIPAA is related to influencing factors such as training and communication, prior experience with technology, attitudes towards policy compliance, commitment, and policy enforcement (Cannoy and Salam, 2010). They offer a Framework for Information Assurance Policy Compliance to facilitate an organization through an assessment and action plan for success, highlighting these areas of focus (Cannoy and Salam, 2010).

HealthIT offers a Risk Assessment Tool, a tool to assist healthcare organizations with the self-assessment of HIPAA security risks. This activity is directed to health care providers and organizations as outlined in the Act's Security Rule. This tool guides a provider through a wheel of Identify, Assess, Manage and Safeguard (, 2014). They offer videos as well as printed resources. The source clearly states that the tool itself is not meant as a requirement of HIPAA but rather as a tool to assist one in doing any risk analysis which is required.



Hammaker, D. K. (2011). Health care management and the law: Principles and applications. Clifton Park, NY: Cengage. p. 162



Department of Health and Human Resources (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA), Security Risk Assessment Tool



American Society for Healthcare Risk Management, & Carroll, R. (Ed.). (2009). Risk management handbook for health care organizations, student edition. San Francisco, CA: Jossey-Bass. p. 6



Cannoy, S., & Salam, A. F. (2010). A Framework for Health Care Information Assurance Policy and Compliance. Communications of the ACM, 53(3), 126-131. doi:10.1145/1666420.1666453

