Login Signup
Verified Document

Privacy Rule HIPAA Ethical Health Term Paper

Related Topics:
Hipaa Privacy Patient Privacy Medicare Fraud
Open Document Cite Document

Criminal penalty will be imposed on a person who knowingly obtains and reveals identifiable health information and violates HIPAA Rules at a fine of $50,000 and up to 1 year imprisonment. The fine can increase to $100,000 and the imprisonment to 5 years if the violation involves false pretenses. The fine can go up to $250,000 and up to 10 years imprisonment if there is an intent to sell, transfer or use the information for commercial or personal gain or malicious harm. The Department of Justice enforces criminal sanctions (OCR). Protected Information

Protected health information or PHI refers to all held or transmitted individually identifiable health data by a covered entity or its business association, contained in any form or medium -- whether electronic, paper or in oral form (OCR, 2003). These data are a person's past, present or future physical or mental health or condition; his or her healthcare provision; and his or her past, present or future payment for healthcare. The data must identify the person and other identifiers, such as address, birthday, and social security number (OCR).

Un-protected Health Information

Health information not protected by HIPAA Privacy Rule pertains to employment records kept or used by a covered entity as an employer (OCR, 2003). These are records of an individual's employment information, education or other records coming under the Family Educational Rights and Privacy Act. Neither is de-identified health information covered, and therefore unprotected, by HIPAA. This refers to health information that neither identifies nor provides an identifier of the person with that record or data. De-identification can be made either by a formal determination by a qualified statistician or by the removal of specific identifiers of the individual and his family, relatives, household members and employers. In this second case, the de-identification can be done only if the covered entity has o actual knowledge that the remaining information may be used in identifying the person (OCR).

Uses and Disclosures

A covered entity may not use or disclose protected health information except as the Privacy Rules permits or requires or it is authorized in writing by the individual or his or her representative (OCR, 2003).

Permitted Uses and Disclosures

A disclosure is permitted, but not required, without the individual's authorization, under certain circumstances (OCR, 2003). These are if the disclosure is made to the individual himself or herself; if it is part of the treatment or as basis for payment and healthcare operations; as an opportunity for the patient to agree or object; incidental use and disclosure; for the public interest and benefit; and limited data set. Public interest is involved and justifies the use and disclosure when it is required by law; as part of public health activities; for the benefit of victims of abuse, neglect or domestic violence; for health oversight activities; as inputs to judicial and administrative proceedings; for law enforcement purposes; for the use of funeral parlors or medical examiners in the identification of deceased persons; for the facilitation of donation and transplant of cadaver organs; for research; for serious threats to health and safety; and for essential government functions (OCR).

Authorized Uses and Disclosures

This is allowed when there is written and specific authorization of the individual involved (OCR, 2003). It is also allowed from psychotherapy notes without the person's authorization if the notes will be used for treatment or for use in training and court litigations. Protected health information may also be disclosed without authorization for marketing purposes in exchange for direct or indirect compensation for product endorsement (OCR).

Limiting Uses and Disclosures

The first limiting provision is that of minimum necessary (OCR, 2003). A covered entity must expend all effort and resources to acquire and reveal only the barest minimum information in order to satisfy its allowed purpose. When done, the covered entity may no longer use or disclose the data for another purpose. The second provision covers the access and uses of an allowed disclosure of the protected health data. The covered entity must develop and use policies and procedures, which will restrict...

Those who need the data must be identified through the policies and procedures. The provision on disclosures and requests for disclosures require policies and procedures for routine, recurring disclosures or requests for disclosures that will limit the amount of information to be used in fulfilling the allowed purpose. And the provision on reasonable reliance requires the covered entity to comply with the minimum necessary standard.
Requests that satisfy the minimum necessary standard may be from a public official, a professional, or a researcher needing it for documentation or representation for research (OCR).

Court Decisions

The OCR implements the HIPAA Privacy Rule in order to make people aware of privacy rights (Keilholtz, 2012). While it protects patient confidentiality, the Privacy Rule does not cover all situations. This clash brings about legal situations, which conflict with HIPAA provisions (Keilholtz).

One example is the Gunn v. Sound Shore Medical Center dated March 2003 (Keilholtz 2012). The complaint emanated from Donna Gunn, a resident of New York and a patient, who attended a cardiac physical therapy session at the hospital. She reported an injury on a treadmill during a session. She sued the hospital and demanded that it be ordered by the court to release the names of patients present in the same rehabilitation facility during the incident. The hospital refused to do so, citing HIPAA provisions, leading to the dismissal of the complaint. The court ruled that HIPAA provides that the disclosure of the identity of other patients would violate the physician-patient privilege and was, therefore, not permitted (Keilholtz).

Another example is the Hutton v. City of Martinez case also in 2003 (Keilholtz, 2012). This involves the police shooting. The case was filed by the injured man against the police officer. The policeman claimed that he fired at the man because he could not physically come after him. The injured man requested a review of the officer's medical records. The judge granted the requests and ordered for the police officer's workers' compensation health records. The judge justified the opening of the defendant's medical records. He stressed that HIPAA does not preclude the production of the records and compensation files in response to a discovery request, subpoena, or a court order "under a protective order." HIPAA's privacy rules are, therefore, only a guideline to uphold patient information without a guarantee of confidentiality (Keilholtz).

A third example is the Law v. Zuckerman (Keilholtz, 2012). HIPAA can also clash against State laws. In 2004, a federal court had some trouble deciding if a meeting between a defense lawyer and the physician of a patient violated that patient's privacy law rights. The court initially ruled that the meeting did not break the law but later reversed this rule. The decision must be on which, between HIPAA and the Maryland State law was the more inflexible and therefore must dominate. The judge later ruled that HIPAA was the more inflexible. It stated that a privacy waiver is not allowed because of inferred consent. The judge then ruled that patient consent is inferred by the filing of the lawsuit by plaintiffs. He did not see inferred consent satisfied the intended purpose of HIPAA (Keilholtz). #

BIBLIOGRAPHY

Czaja, J. (2012). What is the reason for HIPAA regulations? eHow: Demand Media, Inc.

Retrieved on June 21, 2012 from http://www.ehow.com/list_6870131_reason_hipaa-regulations.html

Fortuna, M. (2012). History of HIPAA. eHow: Demand Media, Inc. Retrieved on June 21,

2012 from http://www.ehow.com/about_5448842_history-hipaa.html

HIPAA Specialists (2095). HIPAA background and history. Geomar Computers.

Retrieved on June 21, 2012 from http://www.geomarscomputers.com/hipaa/hipaa_1.html

Keilholtz, J. (2012). The legal cases that conflicted with HIPAA. eHow: Demand Media,

Inc. Retrieved on June 25, 2012 from http://www.ehow.com/list_7307152_legal-cases-conflicted-hipaa.html

OCR (2003). Summary of the HIPAA privacy rule. Office of Civil Rights: U.S.

Department of Health and Human Sciences. Retrieved on June 21, 2012 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

Continue Reading...
Sources used in this document:
BIBLIOGRAPHY

Czaja, J. (2012). What is the reason for HIPAA regulations? eHow: Demand Media, Inc.

Retrieved on June 21, 2012 from http://www.ehow.com/list_6870131_reason_hipaa-regulations.html

Fortuna, M. (2012). History of HIPAA. eHow: Demand Media, Inc. Retrieved on June 21,

2012 from http://www.ehow.com/about_5448842_history-hipaa.html
Retrieved on June 21, 2012 from http://www.geomarscomputers.com/hipaa/hipaa_1.html
Inc. Retrieved on June 25, 2012 from http://www.ehow.com/list_7307152_legal-cases-conflicted-hipaa.html
Department of Health and Human Sciences. Retrieved on June 21, 2012 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Healthcare - HIPAA Questions Healthcare
Words: 622 Length: 2 Document Type: Thesis

Those entities must also arrange for employee awareness training on HIPAA privacy concepts. They must also provide regular assessment procedures to measure compliance with HIPAA rules and related principles and policies pertaining to the electronic transfer of protected information. Finally, HIPAA rules also require that covered entities issue patients written privacy policy notices that include patients' rights to complain about HIPAA violations (USDHHSOCR, 2003; Tong, 2007). 4. How will employees

Read More
Essay
Healthcare - HIPAA Healthcare Information
Words: 1115 Length: 4 Document Type: Term Paper

In that regard, they must promote initial awareness of HIPAA requirements within the organization and conduct comprehensive assessment of existing privacy practices, information security, information safeguarding procedures, and use of electronic transfers. Furthermore, they must also develop an action plan relating to compliance with each HIPAA rule and develop technical and managerial oversight for sufficient compliance and implementation of action plan components (Stanhope & Lancaster 2004). Under HIPAA requirements, covered

Read More
Essay
Health Care Organizations Are Guided
Words: 1405 Length: 5 Document Type: Essay

It could occur through customization, whereby the manufacturer works with the health care provider to build something, or it could occur as the result of competition. In that scenario, the manufacturer needs to offer a higher level of service and better quality of product to the health care provider in order to win contracts. Increased competition drives changes in the way that the manufacturers do business, and these changes

Read More
Essay
Healthcare Law
Words: 1774 Length: 5 Document Type: Case Study

Third Party Patient The Doctrine of Apparent Agency Scenario: June, a 34-year-old divorced woman diagnosed with severe anorexia, is hospitalized. Her doctors feel she may need to be placed on a feeding tube soon to save her life. Initially June agreed to the feeding tube. However, in the evening (before the tube has been placed), she became combative, disoriented, and refused to have the feeding tube placed. Her mother and father insisted that

Read More
Essay
HIPAA Patient Protection
Words: 1889 Length: 7 Document Type: Essay

Title: Ensuring Patient Privacy and Protection: An Overview of HIPAA Regulations Introduction The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the primary goal of protecting the privacy and security of patients' health information. HIPAA includes a set of rules that healthcare providers, insurance companies, and their business associates must follow to ensure the confidentiality and security of patients' personal and medical information. These rules are known as

Read More
Essay
Smart Phone and Social Media Use in Healthcare
Words: 1307 Length: 4 Document Type: Research Paper

Healthcare Technology gives us more capabilities than we ever had before, and health care organizations need to ensure that their staff members are aware of the regulations surrounding the use of technology in the workplace, both for work-related activities and private activities. The prompt was of a nurse who took photos of a celebrity and texted them to her friend. This action constitutes a violation of HIPAA, wherein the Privacy Rule

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now