Case 3: Risk Assessment: Information Privacy and the Cost/Benefits of a Proposed Online System Happy Healthcare Systems of America HHSA is a third-party benefits administrator, pro- viding a liai
Case 3: Risk Assessment: Information Privacy and the Cost/Benefits of a Proposed Online
Happy Healthcare Systems of America
is a third-party benefits administrator, pro-
viding a liaison between insurance companies and provider groups
physicians, hospitals, etc.
HHSA earns revenue by collecting from the insurance companies and then paying the provider
groups for services rendered to eligible patients/members.
Since HHSA’s operations are similar to that of an HMO, non-routine procedures, such as
surgery or referral to a specialist, must be pre-authorized by HHSA in order for the service to be
paid by HHSA. HHSA is considering acquiring an online service to expedite the authorization
process. With this system, contracted providers would be allowed access to HHSA’s database to
initiate and review the status of a particular authorization. Providers would be able to enter data
into the system such as diagnosis, requested treatment/procedure, and other data needed to deter-
mine the necessity of the procedure.
The determination of the suitability or necessity of these non-routine procedures is currently
determined by HHSA case managers, who review and authorize the requested procedures or
referrals. Under the proposed system, the provider would enter the data, allowing the case man-
ager to pull up the data and start the authorization process. The new system would allow the entry
of data or notes and would assign an authorization number to those procedures that are approved.
Once the data is in the system, providers would be given access to check on the status of the
authorization at any time.
Another aspect of the online system that should be considered is how the system will comply
with federal and state laws, such as the Health Insurance Portability and Accountability Act
, which restricts the access to and/or distribution of a patient’s private health information
to unauthorized persons. Therefore, some of those involved in the online system decision argue
that providers should not have access to data for patients not under their direct care.
You are the chairman of the committee charged with determining the feasibility/acceptability
of the proposed online system, and you will oversee the implementation of this system if it is
1. What recommendations would you make to HHSA regarding cost and benefits of an
online authorization system?
2. How can HHSA ensure patient information confidentiality if this service is provided
more information on regulatory requirements related to information confidentiality, visit