February 25, 2017

Homework Help: Medical billing and coding

Posted by Theresa on Wednesday, November 3, 2010 at 9:56am.

Could someone look over this for me it is a paper in APA to answer 4 questions? Thanks.



Health Insurance Portability and Accountability (HIPAA) is an act that was signed by Congress in 1996 to improve and put into place policies and procedures for protection of personnel health information (PHI) and improve the availability of health insurance. (H.R.3103).

1.) HIPAA was put in place to help set standards on protecting a patients personal health information, therefore HIPAA does affect a patient’s access to medical records. A patient can review or obtain a copy of their records by submitting, to the covered entity, (health care provider, health plan or healthcare clearinghouse) a request for such in writing or a medical release form. In which case the covered entity can release a “designated record set” of certain personal health information. (OCR 5/03) There are some exceptions to what information may be released. If the provider believes that the information may cause harm to the patient then the request may be denied. If, for some or any reason, a written request is denied then the patient has the right to file a complaint or an appeal. There should be information given if a request is denied on this process. The covered entity has 30 days from the date the request was given to respond and may charge a minimal fee for preparation of these records.

2.) Even though HIPAA was put in place to set standards to protect the privacy of patients health information, there are certain circumstances where your health information may be used: 1. Decedents -funeral directors, coroner’s and medical examiners, to determine cause of death and for identity if needed. 2. Donation and

transplant of organs, eyes and tissue. 3. Public health activities. 4. Victims of abuse, neglect or domestic violence. 5. Judicial and administrative proceedings. 6. Workers’ compensation. 7. Law enforcement purposes. 8. Research. 9. Serious threat to health or safety. 10. Essential government functions. 11. Public interest and benefit activities. 12. Treatment, payment, and health care operations. A covered entity does not have to obtain a patients authorization for the above listed circumstances. (OCR 5/03)

3.) Under HIPAA, covered entities must comply with the privacy rules. A covered entity may develop its own privacy rules that would accommodate its own needs of protected health information (PHI) management but it most comply with the HIPAA guidelines. It is the responsibility of the entity to put in place a privacy official to oversee the policies, procedures and be on hand and available to be contacted in reference to the privacy rule. (45 CFR 164.530 a ). A patient should be given a privacy notice act at his/her health facility stating how their (PHI) is being used and to whom it will be shared. The covered entity should include in the notice their duty to assure the patients privacy as well as how and whom to contact if there is a complaint or they feel that their rights have been violated. As of 2009 the Office of Civil Rights (OCR) handles complaints that are made on privacy policies, procedure and practices of HIPAA covered entities.


4.) All of the medical staff should have at least some knowledge of HIPAA concepts. It is the responsibility of the covered entity to train its personnel on the policies,
procedures and how these are to be carried out by its personnel. (CFR 45 164.530) As policies change the covered entity must educate its personnel to these changes. Therefore it is a good idea to give continuing education classes and keep policy manuals updated as the changes apply. The entity should also document all of the employees training and materials. There should be a rule or sanction in place for failure to obey the policies and procedure set forth by the covered entity. Failure or breach of this rule, depending on the severity of the act could result in suspension , termination or even imprisonment. Once the employee has joined the workforce of the covered entity than that employee should be trained in the policy and procedures in a reasonable amount of time. Training on privacy policies, procedures for following such policies and the order in which records are to be kept and disposed of should be one of the major topics of training of office personnel.
Conclusion: HIPAA has made a significant difference in the way PHI is kept and to whom and how it is be released or used. A patient now has more access and input to his/her health information and records than in the past. As technology expands so will the different ways of keeping records and the privacy measures that need to be taken to help protect patients health information.


HHS/OCR 2003 pg. 718

H. R. 3103 August 21,1996

OCR Privacy Rule 5/03 pg. 4

OCR Privacy Rule 5/03 pg. 14

45 CFR 164.513 (a) (f)

45 CFR 164.524

CFR 45 164.530

Answer This Question

First Name:
School Subject:

Related Questions

More Related Questions