This book covers a specific corner of the healthcare reform initiative, regardless of the individual mandates’ impacts (or what was lack thereof during prehealth reform periods), which is Title II of the Health Information Privacy and Accountability Act (HIPAA). HIPAA is the confidentiality clause for patients, so this chapter will provide a strong platform for how using electronic medical records systems in hospital settings will impact privacy and confidentiality regulations and safe record keeping for patients. HIPAA has impacts on every level (the local, state, and federal level), which is why HIPAA is being covered first before discussion of HIT’s impact on the organization. By providing a clearer picture of how policymakers framed HIPAA, the perceived benefits of HIT should shine through.

The idea is to analyze the stakeholders that took part in the framing and planning of the law and are impacted parties from the increased regulation over privacy and confidentiality stipulations in using healthcare technology. This chapter is broken down into sections including: the introduction and policy window^* that brought HIPAA to the forefront, theoretical underpinnings to explain the nature of the law, stakeholder analysis from the bill’s formation and impacts, and, finally, how this is all currently impacting and projected to impact the United States and the world in the future.

Looking briefly at the basics of HIPAA, it was introduced as a bipartisan bill by Senators Edward Kennedy and Nancy Kassebaum in order to address the issues of healthcare portability, privacy, and confidentiality in its Title I through Title V as well as healthcare information technology as part of Title VIII. It was passed in 1996 by Congress; however, Congress quickly washed its hands of the responsibilities of framing the law. Rather, the Department of Health and Human Services (DHHS) and Office of Civil Rights (OCR) took on the responsibility of defining it. In general, the field of healthcare information management takes time, resources, capital, and compliance from various stakeholders. Thus, through the changes and new requirements of HIPAA, there has been a widespread revamp of the enforcement of healthcare technology concerns and it relies on the various parties to transition properly. Enforcement and interpretation of HIPAA occurs through the OCR of the DHHS. A civil money penalty of between $100 and $25,000 annually can be implemented for HIPAA violations by the Secretary of Health and Human Services, so there are steep penalties for not complying with HIT regulations in HIPAA, for the organizations, consultants, and physicians as well as the patients involved.

After the Affordable Care Act and healthcare reform changes of 2009–2011, some major steps in the process of using health IT have been created. One of them is the process of making sure health plans comply with the regulations and operating rules for each of the HIPAA covered transactions where the patient, physician, and insurance companies may have a stake. Next, a unique, standard Health Plan Identifier (HPID) will be set in place that will require compliance by three stakeholders: staff, physicians, and clinicians, and, again, the health insurance companies as well as developers of health technology who will need to create databases to document the ID numbers of each patient. Another addition is the inclusion of a standard set of operating rules for electronic funds transfer (EFT), electronic remittance advice (ERA), and claims attachments. This is very important for various stakeholders, such as the insurance companies, patients, and the physician.

The Center for Medicaid and Medicare Services (CMS) has specified the entities that are required to comply and be covered with HIPAA. These include healthcare providers, such as doctors’ offices and hospitals, healthcare plan providers, and the health insurance companies. Companies who provide services on behalf of covered entities also are affected by HIPAA, as well as vendors who sell products to the healthcare industry. This may add a whole new dimension to how insurance companies will impact their patients (depending on whether HIPAA turns out to be beneficial) by making insurance companies more efficient, or if it slows down the claims process, especially for claims that may be based on government insurance plans, such as Medicare or Medicaid. This book focuses on Title II, which discusses health reform from fraud and abuse of patients’ confidential records.

Interestingly enough, other influences, such as the focus on the banking industry collapse, deregulation of and changes to the airlines, deregulation of the FDA (Food and Drug Administration), and more, actually led to the necessity of a new mechanism in place to regulate the healthcare system. The major crisis that seems to have led to healthcare reform is the costs of healthcare on both the federal deficit and at the individual level during a recessionary climate. Because of the U.S. financial meltdown, which began in 2006, there has been a push for transparency in the determination of healthcare premiums and costs of health insurance, as well as a domino effect for greater ethical provisions in every industry, both healthcare and nonhealthcare related, which has driven the importance of HIPAA. These two factors, as well as the backdrop of the other economic problems, such as increasing unemployment, have led the country into a state of healthcare reform, investment in healthcare technology, and an electronic medical record system across the board for premium hospitals. Along with this comes hope for new jobs in the field, as well as a more ethical way to conduct the healthcare business and improve the status of health overall. Running parallel, there is a need for strong healthcare ethical regulations to prevent the release, tampering, and misuse of the public’s confidential information.

Another possibility for why the topic of healthcare privacy reform reached the policy window is that the executive branch of the government pushed very resiliently in the direction of healthcare. It did not get distracted by other economic pressures and problems that could have diverted its focus, which has occurred in other administrations; rather, beginning with some pushes from President George W. Bush toward electronic medical records in the hospital setting, and now President Obama’s strong resolve in bringing the subject of healthcare to the forefront, the subject of fully implementing HIPAA has reached fruition in the policy window. The movement from a pluralist to a public choice theory (Kingdon, 2002), as well as a greater emphasis on the policy sciences, has been the fundamentals shaping how stakeholders influence HIPAA and how HIPAA in turn has impacted its original stakeholders. The most plausible scenario is that a strong push from the executive branch and the backdrop of a double dip recession where change was a necessity, rather than a luxury, has together united to cause the growth in the formation and need for HIPAA.

There has been a transition from a pluralist theory to a public choice theory in healthcare. The public choice theory proposed by Schneider and Ingram (1997) has some major takeaways and applications to HIPAA, though there are some criticism and counters that can be made to their perspectives. The pluralist theory revolved around the notion of elected elites and institutions playing an important role in democracy, as well as the role of the “invisible hand” and “free markets” (p. 14) in healthcare. This moved, in the early twenty-first century, to the need for implementing corrections to the way the healthcare system was running from its original self-correcting stance. A new notion of collectivity and how it is used to “aggregate” individual preferences in health plans becomes prevalent during healthcare reform. This translates into the satisfaction and welfare of health for the public good. The idea that preferences should be aggregated and that more people should be required to buy healthcare with tighter government regulations on how the plans are sold is counter to the free markets theory and is treated with cynicism in their book. Yet, this idea may be a fresh start from the direction pluralism was heading for so many decades in U.S. healthcare. Thus, the public choice theory, formed through HIPAA’s generation, is the first time individuals are making their own healthcare decisions, especially with changes to the health records and an infrastructure that is being remodeled. As a contrast to the pluralist view of an active citizenship, there is actually more bounded rationality^* during healthcare reform, which leaves many citizens confused and unsure of the new transition that is being set forth. Bounded rationality, a concept by Herbert Simon, discussed a mismatch between the information, incentives, and opportunities of a decision with the “bounds” placed on the decision by the environment. The bounds on the decision may limit the rationality or utility maximization of the decision. An example is purchasing health insurance, which may be limited by an individual’s place of work, health conditions, lifestyle, income, and other factors as well as uncertainties in the insurance plan itself such as penalties, deadlines, and rate hikes, that take effect from a certain date (during health reform). Rather than wait to receive all relevant information, individuals may panic and not make the most utility maximizing decision, limited by such environmental constraints.

The point that Schneider and Ingram make is to be wary of the public choice theory, because of the presence of so many fragmented groups and their power play. In these policy decisions, they state that at least two groups always lose for one groups’ personal victory. An example of this will be portrayed by the stakeholders analyzed in the pages to follow. While patient advocacy groups face the benefits of HIPAA through secure data and privacy considerations, physicians now require better auditing standards and quality control to care for electronic data storage. Taking this one step farther, it also should be noted that probability and perception of an individual’s decision, or risk analysis, makes him or her value his/her judgment and interest in a situation. So, if an individual or a stakeholder group’s perception of the healthcare market is not entirely impacted by the passage of HIPAA, they may not see a need to review the law more deeply or get involved in supporting or discussing it. This, as the authors point out, is a more realistic perspective than the pluralist theory.

Yet, at the same time there are some obvious pitfalls in the pluralist theory that Schneider and Ingram propose. Because groups begin to receive more power from the government, such as researchers, lobbyists, and the executive branch, they begin to organize and expand so that healthcare reaches its policy window. This is even more interesting considering HIPAA had already been created, but had not been able to stand on its own in policy debates until major healthcare reform discussions and legislation of 2009 and 2010. There is also a sense of rational choice theory for HIPAA legislation because of the gradual nature of the law’s formation and implementation. It was very much an incremental process rather than a spontaneous transition, though as policy sciences theory supports, the technology has helped in the quicker transformation of HIPAA from its theoretical beginnings to its applied current state.

Analyzing HIPAA through the public choice theory lens leads one to believe that government is ineffective and unclear of its interpretation and vision of the law; therefore, the law is open to interpretation, rather than held together by certain principles. While Congress’s role and the state’s role (which will be discussed next) are apathetic at best, it is interesting to see how they have had a role in changing individuals’ lives as well as the infrastructure of healthcare. While it may seem inefficient as a whole, once Title II of the law is closely analyzed, it is actually clear that there is room for growth in the area, as well as a place for new jobs and roles within the industry as well as new outcomes, especially a higher standard of quality care and cost effectiveness for the public as a whole. These effects stem partly from HIPAA regulations, making one think that the government’s role in HIPAA, using the public choice theory, cannot be all that ineffective as Schneider and Ingram claim, especially when long-term consequences from HIPPA prove beneficial.

Another important criticism of the public choice theory is its collective action and free rider problem. Those who are unhealthy and have health insurance will be driving up the cost of healthcare even more, therefore, a burden on other healthy people’s health plans. Yet, HIPAA should, in the long term, produce a more efficient mechanism that will engage more individuals and keep individuals from getting too sick through early detection and prevention of illness and disease. HIPAA provides a gateway to better healthcare through its structured data entry and trend toward use of electronic medical records that are private and confidential, so that patients need not worry that their records at the doctor’s office will be easily accessible to anyone. HIPAA also allows privacy between physicians and hospitals and a stronger coordination system so that records can be easily managed and accessible between communities, states, and across larger regions in a timely manner. Physicians also will be required to keep accountable records of their claims, billing, patients, and accounts. This again will impact patients through cost effectiveness and quality of care if physicians are keeping track of their fees, charges, and standards of care. At the same time, patients also may be held accountable for misusing emergency rooms and not getting preventive care if there is an electronic system in place. HIPAA also works to change earlier concerns for those who want to attend a Community Health Center clinic for a preventive care problem, but are worried they will need to redo massive stacks of paperwork, be denied healthcare coverage, or whose paperwork will not be kept private from employers or others who may discriminate due to a preexisting condition.

One last criticism I have of Schneider and Ingram is the assumption they make in their theory that humans are all rational beings. Some individuals panic more than others, and some may feel the need for their records to be more rigidly secured than others. Viewing insurance companies as profit maximizers rather than as rational beings changes their goals and may put pressure on them if they are unable to use patient data to their benefit to sell plans, especially under HIPAA. It may mean that HIPAA impacts them from a political and economic angle that could hurt their ability to do business, possibly driving up costs even more. An analysis of the major stakeholder groups involved will be discussed more in detail next.

Looking at the impacts of the policy through the eyes of Congress is complicated, to say the least. The stakeholders who now see healthcare reform in their policy window must act quickly to adjust and transition so that too much inertia does not prevent the law from being implemented. Yet, when the HIPAA law was presented to Congress, even the 24-month period provided to develop the national standards for the law were not enough. Congress had no answers. Also, initially, it was in Congress’s hands to provide protection against inappropriate use of protected health information (PHI). Thus, because Congress failed to develop the standards for HIPAA, the responsibility fell to the DHHS that now monitors HIPAA compliance (O’Herrin, Fost, and Kudsk, 2004, 772).

The change in shaping of the law from a legislative branch of government to governmental subunits may have impacted both the motives for the act and the amount of interest and support for parts of the act, based on political, economic, and financial concerns. It is said that these impacts will run deeper for business and government within the healthcare industry than for the public. With such an extensive set of rules and possible loopholes to the rules, could it be that the main focus of the law is to provide businesses easier access to the public’s data r...