1- The purpose of a provider contract is to frame, define and govern the relationship between a health care professional and a managed care organization. The provisions of a contract can affect payment, office organization, practice and procedures, confidential records and clinical decision making (Anonymous, 2016). Managed care income has the potential to be a significant percentage of a health care organizations revenue and it the contract is negotiated correctly it can provide financial stability and yield more income through new insurance products and models (Vega, 2016). An effective managed are contract will be clear, concise, consistent and comprehensive. It sets out the rights and responsibilities of both parties and fulfills the requirements of state and federal law.
2- The purpose of a provider contract is to formalize the relationship between a managed care organization and the provider (Kongstvedt, 2007). A well-written contract can do more than make the relationship legal; it can foster a positive relationship between the parties. Since a provider contact is the foundation for the relationship between a provider and a managed care organization, it’s critical that the document reflects the full intentions of both parties. By detailing out the relationships, services, obligations and objectives, a good provider contract can facilitate a smooth working relationship between the two parties. It can remove any ambiguities and provide clarity on how the parties need to operationalize their systems in order to meet the intentions of the contract.
3- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its related amendments work to maintain the security of protected health information (PHI). PHI is generally regarded as the information in any form including electronic, oral, and paper-based generated and used for the purposes of delivering, maintaining, or paying for health care services of an individual health care consumer. The definition and understanding of PHI is intentionally broad in an effort to protect the identities of health care consumers in the delivery of health care services, including payment of those services by a managed care organization (MCO). HIPPA privacy regulations prohibit MCOs from disclosing PHI for purposes outside those intended for payment, utilization, and health management. PHI disclosure is permitted for payment, treatment, and other health related services. To meet this demand the MCO may share PHI with plan sponsors, business associates with a vested interest in the delivery of health services to an individual. It may also disclose information to the plan member and any entity as required by legal mandate (Kongstvedt, 2007). Any other use or disclosure of PHI must be preceded by specific authorization from the plan beneficiary. From an administrative standpoint, the MCO must establish policies and practices that maintain the security of PHI and provide training and enforcement related to these policies. The MCO must also make known to plan beneficiaries the existence of these policies and provide mechanisms for review as well as complain processing of privacy violations. The management and security of PHI has become an important public policy issue as the American system of health care delivery has entered the digital age. The use of electronic health records (EHR) and other related mechanisms of handling PHI has been encouraged in an effort to improve health services, reduce fragmentation in care delivery, control costs, and support elements of patient-centeredness. The ease of access to confidential information by the many health care professionals who need to use this information makes protection of this information from access by the wrong entities critically important. While the confidentiality and security of PHI are addressed under HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, this does not in and of itself guarantee the security of PHI. An example that aptly illustrates this threat occurred in 2009 when unencrypted laptop computers were stolen from Florida based health insurer AvMed. The computers contained member names, social security numbers, birth dates, addresses, and PHI of over one million individuals (McCann, 2012). Developing strategies for ensuring the confidentiality and security of PHI has become a critical venture for health care organizations. Data encryption has been identified as an important integral component of information security strategies employed by health care organizations. It is also a HIPAA requirement as well as a Safe Harbor provision under HITECH (Rodak, 2011). Strategies employed at the University of Virginia Medical Center (UVAMC) include data encryption of all medical center owned computers and digital management devices. This includes hand-held devices such as PDAs, smart phones, laptops, as well as mobile and stationary work stations. These devices must have their memories and hard drives encrypted before they can be placed into use at the medical center. In addition, personal hand-held devices such as smart phones must be encrypted before they can interface with our medical records system. Another approach we employ addresses issues related to PHI in research and public reporting. A function of our EMR can automatically identify and remove PHI from medical records that are being reviewed for inclusion in research programs and public reporting functions. This helps to prevent the inadvertent release of PHI to the public. Together these functions along with other HIPAA and HITECH mandated approaches to information security help UVAMC to protect the privacy of our clients and keep their PHI secure.
4- The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was originally intended to promote and improve the portability of health insurance. Although the law has been amended since its passage, the impact on the US health care environment has been modest except for the “Administrative Simplification” section. This section does several things, but one of the biggest is that it puts in place rules regarding the use, sharing, privacy and security of protected health information (PHI) for individuals (Kongstvedt, 2007). Although related, there is a distinction drawn between privacy and security with regards to PHI. Privacy of PHI refers to the need to have policies and procedures in place to ensure confidentiality. Security is more applicable to how that information is protected within the files and electronic medical records and protected from breaches. One of the biggest controversies regarding confidentiality of PHI and the HIPAA laws is the concept of “incidental disclosures”. Many interpret the statute regarding incidental disclosures to limit essential communication to only information that, if not shared, would compromise good patient care (Lo, Dornbrand, & Dubler, 2013). This interpretation of what constitutes “good care” is at the heart of the controversy. Without very specific guidelines, professional judgment always leaves room for a grey area. Another major concern related to confidentiality in today’s world is the digital sharing of PHI. In an effort to provide the highest quality care for individuals and for population health, interoperability between healthcare electronic data systems has been growing. However, understanding who needs what information is a huge challenge to try and put certain algorithmic rules into place to address. For example, when a physician places an electronic prescription order through an e-scribe type service, how much PHI should go with the order? If the order is to be reviewed by a pharmacist, some of the information is necessary, but how much? It’s a tough dilemma.