I'll look it over and be back in about half an hour.
Congratulations! You've answered the questions completely and clearly!
A few minor grammatical corrections in your first paragraph:
"The HIPAA allows a patient to either view or get a copy of their medical . . ." >> Change "their" to "his/her" for pronoun agreement. Or, you can make "patients" plural.
"In order to do this you must first request the corrections that need to be made or a copy of your medical records . . ." >> You've shifted from the third person (patient) to the second person (you). In a formal paper, it's best to avoid the second person and use only the third person.
Also, be sure to run a spell check before you turn in your final paper.
You have a great start. Keep up the good work.
1) Does HIPAA affect the patient's access to his or her medical records? If so, describe the effect and the procedure for obtaining access.
2) Under what circumstances can personal health information be used for purposes unrelated to health care?
3) Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?
Your responses for the first two:
The Health Insurance Portability and Accountability Act of 1996 has established a set of national standards that protects and allows patients to have more control over their personal health information. Therfore, the HIPAA does affect the patient accessing his or her owm medical records. The HIPAA allows a patient to either view or get a copy of their medical records and also address any corrections that need to be made. In order to do this you must first request the corrections that need to be made or a copy of your medical records by asking your doctor or by putting the request in writting which is highly recommended. This way tou have a record of your request and any important information such as when you filed the request. Usually you will receive your copy within 30 days of making the request. If not you must be given a reason why you havn't received it. When requesting a copy of your medical records you usually will be charged a reasonable fee. This fee covers the staff time for copying the medical records and also for mailing them if they are sent to you. Therefore because of the Health Insurance Portability and Accountability Act we as the patient have access and more control over our person health information.
The HIPAA ensures that your personal health information is confidential and can't be used or disclosed unless their is proper authorization. However, there are certain circumstances that allows your personal health information to be used or disclosed that is unrelated to health care. These circumstances are: 1)requireed by law 2)public health activities 3)victims of abuse, neglect, or domestic violence 4)health oversight activities 5)judicial and administrative proceedings 6)law enforcement purposes 7)decendants 8)cadaveric organ, eye, or tissue donation 9)research 10)serious threat to health or safety 11)essential government functions 12)workers' compensation 13)risk of death or harm to oneself. These are the only circumstances that allows your personal health information to be obtained without your authorization.
**Get rid of all the instances of "you" and "we" in all their forms. Use 3rd person (singular or plural doesn't matter as long as you are consistent).
**Delete the word "the" in front of the abbreviation HIPAA wherever you use it.
**Use a spell checker.
**Differentiate between when you should use "their" and "there."
**Colons should not be used after verbs.
**Spacing and punctuation for a long list need to be corrected.
**Make sure you are not plagiarizing from anything, in print or online. If you are going to quote a source -- even if just a few words -- be sure to use quotation marks and cite the source.
Yes, covered entities (entities that must comply with HIPAA requirements) must adopt a written set of privacy procedures and designate a privacy officer to be responsible for developing and implementing all required policies and procedures. The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented security controls.
Procedures should clearly identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI must be restricted to only those employees who have a need for it to complete their job function.
The procedures must address access authorization, establishment, modification, and termination.
Entities must show that an appropriate ongoing training program regarding the handling of PHI is provided to employees performing health plan administrative functions.
Covered entities that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through clauses in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and monitor whether appropriate contracts and controls are in place.
A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and having disaster recovery procedures in place. The plan should document data priority and failure analysis, testing activities, and change control procedures.
Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Policies and procedures should specifically document the scope, frequency, and procedures of audits. Audits should be both routine and event-based.
Procedures should document instructions for addressing and responding to security breaches that are identified either during the audit or the normal course of operations.