The Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act (HIPAA) has established a set of national standards that protects and allows patients control over their medical records. Therefore, HIPAA does affect the patients' access to their medical records. Patients should be able to see or obtain their own records and request any corrections as needed for their files. The patient should ask their doctor in writing for a request of their medical record. This way the patient has a record of the request and any important information such as the day of the request by the patient. It usually takes about 30 days to receive the copy of the medical record. In some cases, the first copy is free, depending on if they are being picked up in person. Patients may be charged fees for additional copies because the staff is taking time to process all information to be gathered and mailed to the patient. Therefore, because of HIPAA, patients have more access and control over their medical records (ocr 2003).

According to HIPAA, patients' personal health information (PHI) is confidential and cannot be used or disclosed without proper authorization. However, there are some circumstances that allow the health information to be disclosed unrelated to healthcare. These circumstances would be 1) Required by law 2) public health activities 3) victims of abuse, neglect or domestic 4) health oversight activities 5) judicial and administrative proceedings 6) law enforcement purposes 7) decedents 8) cadaveric organ, eye, or tissue donation 9) research 10) serious threat to health or safety 11) essential government functions 12) workers' compensation 13) risk of death or harm to oneself. These are the only circumstances that would allow the patient's medical records to be obtained without authorization (OCR 2003).

There are requirements for covered entities to have written privacy policies. HIPAA requires that covered entities supply to the individual a written notice of the privacy policy. The things that need to be addressed in the privacy policy include: “the individual's rights and how they may implement his or her rights regarding the public health information, all the legal duties of the covered entity, description of disclosures allowed by HIPAA, description of the different types of allowed uses to disclose the PHI, including the disclosures that are required to be disclosed without the written consent or authorization of the individual, it should also include a separate statement for some PHI such as appointment reminders, different treatment options, and other services that may be of interest to the individual” (Sullivan 2005).

To be in compliance with the HIPAA laws, every employee needs to have training in all the procedures and policies with HIPAA to understand the confidentiality for all patients.
The staff must be trained as soon as the training information is available, usually a set date is imposed. If there have been any new changes involving the information, staff must be updated and trained within a reasonable time. Usually the office has a trained Privacy Officer. They are the ones that are usually responsible for making the training dates available and keeping a record of documentation of who attends and completes all required training. (ocr 2003) If someone violates the privacy policy there can be fines and penalties of jail time. “The law can establish fines up to $100 for each civil violation and up to 10 years in jail” (Stein 2006).

References

Center for The Disease Control and Prevention (2003). HIPAA Privacy Rule and Public Health. Morbidity and Mortality Weekly Report Vol. 52 pp. 1-12

Guidance from CDC and the U.S. Department of Health and Human Services. (Apr 2003). June 11, 2009.

Office for Civil Rights (2003). HIPAA Privacy Rule: What Employers Need To Know.

Office for Civil Rights (2003). Summary of the HIPAA Privacy Rule. U.S. Department of Health and Human Services. Pp. 1-19

Privacy Rights. (Sept 2008). Privacy Rights Clearinghouse. June 21, 2009



Stein, Rob. “Medical Privacy Laws Nets No Fines”. The Washington Post. June 2006 A1. June 21, 2009.

Sullivan, June M. HIPAA A Practical Guide to the Privacy and Security of Health Data. New York, American Bar Association (2005). Pp. 7-8. June 21, 2009

U.S. Department of Health and Human Services. Apr 3, 2003

1. I see two different items in the works cited list to which "OCR" (and the erroneous one "ocr") must refer. How are you going to differentiate in the in-text citations?

Office for Civil Rights (2003). HIPAA Privacy Rule: What Employers Need To Know.

Office for Civil Rights (2003). Summary of the HIPAA Privacy Rule. U.S. Department of Health and Human Services. Pp. 1-19

2. Also, since "OCR" (<~~exactly like that) doesn't occur in the works cited list, it's an incorrect way to cite in the text.

3. And finally, don't forget the comma between the author's last name and the publication year, as in this example:

A similar study was done of students learning to format research papers ("Using APA," 2001).

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes a set of national standards to protect the privacy and security of patients' medical records and personal health information (PHI). It gives patients control over their medical records and ensures that their information is kept confidential.

If a patient wants to access their medical records, they need to request them from their healthcare provider in writing. It is recommended to keep a record of the request and any important information, such as the date of the request. The healthcare provider usually has 30 days to provide a copy of the medical record. Depending on the circumstances, the first copy may be free if it is picked up in person. However, fees may be charged for additional copies, as the staff needs to process and gather the information and send it to the patient.

HIPAA limits the disclosure of PHI without proper authorization. However, there are some circumstances where PHI may be disclosed without authorization, such as when required by law, for public health activities, for protection of victims of abuse or neglect, for health oversight activities, for judicial and administrative proceedings, for law enforcement purposes, for research, or when there is a serious threat to health or safety, among other specific situations.

Covered entities, such as healthcare providers and health plans, are required by HIPAA to have written privacy policies. These policies need to address individuals' rights regarding their PHI, the legal duties of the covered entity, descriptions of allowed disclosures and uses of PHI, and any separate statements for specific PHI, such as appointment reminders or treatment options.

To comply with HIPAA, all employees need to be trained on the policies and procedures regarding patient privacy and confidentiality. Training should be provided as soon as the information is available, and any updates or changes should be communicated and trained within a reasonable time. The office usually designates a Privacy Officer who is responsible for organizing and documenting training attendance.

Violations of HIPAA's privacy policies can result in fines and penalties, including up to $100 for each civil violation and up to 10 years in jail.

References:
- Center for The Disease Control and Prevention. (2003). HIPAA Privacy Rule and Public Health.
- Office for Civil Rights. (2003). HIPAA Privacy Rule: What Employers Need To Know.
- U.S. Department of Health and Human Services. (2003). Summary of the HIPAA Privacy Rule.
- Privacy Rights Clearinghouse. (2008, September). Privacy Rights.
- Stein, R. (2006). Medical Privacy Laws Nets No Fines.
- Sullivan, J. M. (2005). HIPAA A Practical Guide to the Privacy and Security of Health Data.