Healthcare - HIPAA Summary Healthcare

Healthcare - HIPAA Summary

HEALTHCARE INFORMATION PRIVACY

Does HIPAA affect the patient's access to his or her medical records? If so, describe the effect and the procedure for obtaining access.

The HIPAA rules do not change the rights of patients, their guardians or designated "personal representatives" with respect to accessing patients' medical records but they do require the patient or guardian to make a formal written request that specifies the exact information requested. Requests for certain types of private health information (PHI) may be refused, such as notes taken by a psychotherapist and any information that could be harmful to the patient or to others (HHS, 2003). 2. Under what circumstances can personal health information be used for purposes unrelated to health care? (Hint: There should be at least 12 circumstances.)

Personal health information may be used for purposes unrelated to healthcare if it is required by law (including federal, state, and tribal law), as well as by request from public health officials in connection with public health concerns. It may also be used for the protection of others through the reporting of allegations of abuse, neglect, or domestic violence, and as required by criminal investigators, court orders, subpoenas, and for particular kinds of research.

Additionally, PHI may be used for administrative oversight and for the purposes of investigating or verifying worker's compensation claims, or where necessary to protect the health and welfare of the patient or other individuals, or where necessary for the proper administration of deceased patients' estates or for the arrangements of their funerals. Personal health information may also be used to protect the health and safety of inmates and correctional facility personnel, as necessary to protect the life of the President, or to preserve essential government functions and to protect military operations. Finally, PHI may be used to establish eligibility for federal programs and in connection with evaluating employment suitability for certain government jobs (HHS, 2003).

3. Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?

Covered entities must maintain written privacy policies and to implement policies and procedures capable of ensuring compliance with PHI disclosure rules. They must provide awareness training to employees, (both paid and unpaid), on HIPAA privacy principles and they must implement regular assessment procedures for evaluating compliance with HIPAA rules, including general information security and information security during electronic transfers. Covered entities must also provide written privacy policy notices to patients that include notification of patients' rights to file complaints with designated personnel and directly to appropriate government officials (HHS, 2003).

4. How will employees in the medical office have to be trained regarding privacy (for example, who is responsible for training and record keeping)? What is required if an employee doesn't follow the privacy policy? When must employees be trained? In what manner?