Understanding the HIPAA Privacy Standards

Most people today do not fully understand their rights to privacy and what is all involved in giving them that right. The Health Insurance Portability and Accountability Act, better known as HIPAA, has put into effect some rules that must be followed by places such as health care facilities, doctors, and health plans. These covered entities are to use these rules to make sure that personal information is not shared with someone or something that should not have that information.

People should know that HIPAA does not affect a person’s personal access to their own records. If anything it has made it easier to get information. All you have to do is call or write and request it from your health care provider. You may have to sign a form stating that you received a copy of these records. Most places ask for a fee in return for making a copy and mailing it to you (Consumer Rights).It may be harder for certain people to access your personal records but there are still some reasons that do not require your permission in order view your records. The following 12 reasons must be for national priority purposes. (1) Essential Government Functions. These reasons must be required under law, such as, protecting the President, or reasons of national security. (2) Health Oversight Activities. An example of this would be legally authorized health oversight issues, like audits and other health care and government programs. (3) Victims of Abuse, Neglect or Domestic Violence. To help authorities handling victims of domestic violence, abuse, or neglect. (4) Public Health Activities. In order to prevent certain problems, entities subject to FDA regulation regarding FDA regulated products or activities, to identify persons who have a disease that can spread, and employers who want to know of work related heath issues. (5) Law Enforcement Purposes. There are six reasons for the release of health information to officials, starting with it is required by law, needed to find a subject, a possible victim of a crime, to report a death that may have been caused unlawfully, to report uses of health information that is referenced in a privacy policy, and finally in a medical emergency by a covered health care provider which did not happen on their property. (6) Judicial and Administrative Proceedings. If asked for through a court order or an administrative tribunal. (7) Decedents. To aid a funeral director or a medical examiner in identifying a person who has died, to find cause of death, and other things authorized by law. (8) Cadaveric Organ, Eye, or Tissue Donation. In order to get approval to use cadaver organs, eyes, and tissue for transplant purposes. (9) Required by Law. Covered entities can share your medical information without your permission if it is required by law. (10) Research. To be used in the aid of general knowledge. Researchers must have adequate permission and documentation to disclose any information that may be used. (11) Serious Threat to Health or Safety. May be used is if it is necessary to prevent a threat to a person or the public. (12) Workers’ Compensation. As required by law to supply information on work related illness or injury (6-9) (Privacy Summary). Anything that medical record information is needed to be used for must be required by law otherwise permission must be obtained by the individual.

As of April 14, 2003 all covered entities must comply with the new rules made by HIPAA. The things that need to be addressed, as stated by Phoenix Health Systems, are as follows; building initial organizational awareness of HIPAA; comprehensive assessment of the organization’s privacy practices, information security systems and procedures, and use of electronic transactions; developing an action plan for compliance with each rule developing a technical and management infrastructure to implement the plans implementing a comprehensive implementation action plan, including: developing new policies, processes and procedures to ensure privacy, security and patients’ rights; building business associate agreements with business partners to support HIPAA objectives; developing a secure technical and physical information infrastructure; updating information systems to safeguard protected health information and enable use of standard claims and related transactions; training of all workforce members; enforcement infrastructure, including providing a Privacy Officer and a Security Officer (HIPAA Primer). These guidelines help ensure that medical record information will be kept private and secure from anyone who should not have that information.

Many employees are responsible for handling medical information. That is why it is the responsibility of the covered entity to train their employees on their personal privacy procedures. They must designate an individual to make sure that proper procedure is being followed and if not followed that the correct action is taken. There are a range of fines from $100 to $250,000 and possibly time in jail or prison for disregarding the privacy policy. Employees must be trained before they can do their job as they must learn the policies and procedures that are necessary to carry out their duties (14, 17) (Privacy Summary).By understanding the information that has been given, people will have a better understanding of their right to privacy and the new rules that are involved with that privacy. It is necessary for everyone who handles medical information to follow these new rules. By doing so only the people who are suppose to get the information will get the information. Keeping medical information private is an important issue and these issues have been properly addressed by HIPAA.