Privacy Rule HIPAA Ethical Health Term Paper

Download this Term Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Term Paper:

But the failure must be corrected within 30 days from the time of notification of the violation. Criminal penalty will be imposed on a person who knowingly obtains and reveals identifiable health information and violates HIPAA Rules at a fine of $50,000 and up to 1 year imprisonment. The fine can increase to $100,000 and the imprisonment to 5 years if the violation involves false pretenses. The fine can go up to $250,000 and up to 10 years imprisonment if there is an intent to sell, transfer or use the information for commercial or personal gain or malicious harm. The Department of Justice enforces criminal sanctions (OCR).

Protected Information

Protected health information or PHI refers to all held or transmitted individually identifiable health data by a covered entity or its business association, contained in any form or medium -- whether electronic, paper or in oral form (OCR, 2003). These data are a person's past, present or future physical or mental health or condition; his or her healthcare provision; and his or her past, present or future payment for healthcare. The data must identify the person and other identifiers, such as address, birthday, and social security number (OCR).

Un-protected Health Information

Health information not protected by HIPAA Privacy Rule pertains to employment records kept or used by a covered entity as an employer (OCR, 2003). These are records of an individual's employment information, education or other records coming under the Family Educational Rights and Privacy Act. Neither is de-identified health information covered, and therefore unprotected, by HIPAA. This refers to health information that neither identifies nor provides an identifier of the person with that record or data. De-identification can be made either by a formal determination by a qualified statistician or by the removal of specific identifiers of the individual and his family, relatives, household members and employers. In this second case, the de-identification can be done only if the covered entity has o actual knowledge that the remaining information may be used in identifying the person (OCR).

Uses and Disclosures

A covered entity may not use or disclose protected health information except as the Privacy Rules permits or requires or it is authorized in writing by the individual or his or her representative (OCR, 2003).

Permitted Uses and Disclosures

A disclosure is permitted, but not required, without the individual's authorization, under certain circumstances (OCR, 2003). These are if the disclosure is made to the individual himself or herself; if it is part of the treatment or as basis for payment and healthcare operations; as an opportunity for the patient to agree or object; incidental use and disclosure; for the public interest and benefit; and limited data set. Public interest is involved and justifies the use and disclosure when it is required by law; as part of public health activities; for the benefit of victims of abuse, neglect or domestic violence; for health oversight activities; as inputs to judicial and administrative proceedings; for law enforcement purposes; for the use of funeral parlors or medical examiners in the identification of deceased persons; for the facilitation of donation and transplant of cadaver organs; for research; for serious threats to health and safety; and for essential government functions (OCR).

Authorized Uses and Disclosures

This is allowed when there is written and specific authorization of the individual involved (OCR, 2003). It is also allowed from psychotherapy notes without the person's authorization if the notes will be used for treatment or for use in training and court litigations. Protected health information may also be disclosed without authorization for marketing purposes in exchange for direct or indirect compensation for product endorsement (OCR).

Limiting Uses and Disclosures

The first limiting provision is that of minimum necessary (OCR, 2003). A covered entity must expend all effort and resources to acquire and reveal only the barest minimum information in order to satisfy its allowed purpose. When done, the covered entity may no longer use or disclose the data for another purpose. The second provision covers the access and uses of an allowed disclosure of the protected health data. The covered entity must develop and use policies and procedures, which will restrict the use of the data. Those who need the data must be identified through the policies and procedures. The provision on disclosures and requests for disclosures require policies and procedures for routine, recurring disclosures or requests for disclosures that will limit the amount of information to be used in fulfilling the allowed purpose. And the provision on reasonable reliance requires the covered entity to comply with the minimum necessary standard.

Requests that satisfy the minimum necessary standard may be from a public official, a professional, or a researcher needing it for documentation or representation for research (OCR).

Court Decisions

The OCR implements the HIPAA Privacy Rule in order to make people aware of privacy rights (Keilholtz, 2012). While it protects patient confidentiality, the Privacy Rule does not cover all situations. This clash brings about legal situations, which conflict with HIPAA provisions (Keilholtz).

One example is the Gunn v. Sound Shore Medical Center dated March 2003 (Keilholtz 2012). The complaint emanated from Donna Gunn, a resident of New York and a patient, who attended a cardiac physical therapy session at the hospital. She reported an injury on a treadmill during a session. She sued the hospital and demanded that it be ordered by the court to release the names of patients present in the same rehabilitation facility during the incident. The hospital refused to do so, citing HIPAA provisions, leading to the dismissal of the complaint. The court ruled that HIPAA provides that the disclosure of the identity of other patients would violate the physician-patient privilege and was, therefore, not permitted (Keilholtz).

Another example is the Hutton v. City of Martinez case also in 2003 (Keilholtz, 2012). This involves the police shooting. The case was filed by the injured man against the police officer. The policeman claimed that he fired at the man because he could not physically come after him. The injured man requested a review of the officer's medical records. The judge granted the requests and ordered for the police officer's workers' compensation health records. The judge justified the opening of the defendant's medical records. He stressed that HIPAA does not preclude the production of the records and compensation files in response to a discovery request, subpoena, or a court order "under a protective order." HIPAA's privacy rules are, therefore, only a guideline to uphold patient information without a guarantee of confidentiality (Keilholtz).

A third example is the Law v. Zuckerman (Keilholtz, 2012). HIPAA can also clash against State laws. In 2004, a federal court had some trouble deciding if a meeting between a defense lawyer and the physician of a patient violated that patient's privacy law rights. The court initially ruled that the meeting did not break the law but later reversed this rule. The decision must be on which, between HIPAA and the Maryland State law was the more inflexible and therefore must dominate. The judge later ruled that HIPAA was the more inflexible. It stated that a privacy waiver is not allowed because of inferred consent. The judge then ruled that patient consent is inferred by the filing of the lawsuit by plaintiffs. He did not see inferred consent satisfied the intended purpose of HIPAA (Keilholtz). #


Czaja, J. (2012). What is the reason for HIPAA regulations? eHow: Demand Media, Inc.

Retrieved on June 21, 2012 from

Fortuna, M. (2012). History of HIPAA. eHow: Demand Media, Inc. Retrieved on June 21,

2012 from

HIPAA Specialists (2095). HIPAA background and history. Geomar Computers.

Retrieved on June 21, 2012 from

Keilholtz, J.…[continue]

Cite This Term Paper:

"Privacy Rule HIPAA Ethical Health" (2012, June 25) Retrieved December 7, 2016, from

"Privacy Rule HIPAA Ethical Health" 25 June 2012. Web.7 December. 2016. <>

"Privacy Rule HIPAA Ethical Health", 25 June 2012, Accessed.7 December. 2016,

Other Documents Pertaining To This Topic

  • Health Care Organizations Are Guided

    It could occur through customization, whereby the manufacturer works with the health care provider to build something, or it could occur as the result of competition. In that scenario, the manufacturer needs to offer a higher level of service and better quality of product to the health care provider in order to win contracts. Increased competition drives changes in the way that the manufacturers do business, and these changes

  • Healthcare Pandemic and All Hazards

    PAHPA gives federal officials important judgment to gather and share personal health information without sufficient privacy safeguards. PAHPA does not substantively address privacy worries. The HIPAA Privacy Rule prohibits public health data collections from its protections. Other privacy laws supply a patchwork of protections for national public health data (Hodge, 2007). National organization of interstate volunteer health professionals throughout emergencies assumes that the legal environment supports their deployment. Competent, registered

  • Healthcare Law

    Third Party Patient The Doctrine of Apparent Agency Scenario: June, a 34-year-old divorced woman diagnosed with severe anorexia, is hospitalized. Her doctors feel she may need to be placed on a feeding tube soon to save her life. Initially June agreed to the feeding tube. However, in the evening (before the tube has been placed), she became combative, disoriented, and refused to have the feeding tube placed. Her mother and father insisted that

  • Ethical Issues Necessitating the Creation of 1996

    Ethical Issues Necessitating the Creation of 1996 HIPAA Act: The Health Insurance Portability and Accountability Act of 1996 was enacted to bring necessary changes to the procedures and practices within the healthcare industry. The development of this legislation was to enforce the need of healthcare organizations to have the necessary regulations and procedures that safeguard the privacy of patient information. The Act was also developed to address the challenges of increased

  • HIPAA and Confidentiality HIPAA Confidentiality

    From a utilitarian perspective, the improper disclosure of confidential health information related to HIV / AIDS is an absolute wrong. While such improper disclosure may actually be beneficial to the at-risk people in the patient's life, such as unprotected sex partners, when viewed from a societal point-of-view, such disclosure would be improper. Most people who know that they have a contagious fatal disease will take steps to limit other's exposure

  • Health Care Law Privacy and

    S. Department of Health and Human Services, 2011). Furthermore, subpart C explains the privileges and the protections of confidentiality that is attached to the patient's record along with much exception (U.S. Department of Health and Human Services, 2011). The penalty for anyone who breaks confidentiality is imperative. In "November, 23, 2009" was increased to $11,000 (U.S. Department of Health and Human Services, 2011). This goes for anyone in the medical field

  • Ethical Problem of Personally Identifiable

    Nonetheless, internet breach occurs routinely; further steps need to be taken. Options for resolving these issues Part of the issue revolves around ambivalent ways of defining PII as well as the fact that the constructs of identity are still in flux. PII, at one moment, can become non-PII during the next, and the reverse is the case, too. Moreover, computer science has shown that, in many instance, data that is consider

Read Full Term Paper
Copyright 2016 . All Rights Reserved