HIPAA Privacy Standards in April of 2003 - Essay Example

1. Does HIPAA affect the patient’s access to his or her medical records? If so, describe the effect and procedure for obtaining access.
Yes, HIPAA affects the patient’s access to his/her medical records. In general, patients must be able to see and acquire copies of their respective medical records and apply for corrections should they discover errors or mistakes therein (U.S. Department of Health and Human Services 1). All covered entities must provide access to such records within thirty days (U.S. Department of Health and Human Services 1).
Relatively, the patient has the right to examine and get a copy of their health information that is within a “designated record set” (United States Department of Health and Human Services 12). The “designated record set” is the cluster of records used by a covered entity in part or in whole (to make decisions) that includes billing records, plan enrolment, payment, claims, and management records of systems (United States Department of Health and Human Services 12). The exception to the right of access includes information gathered for legal proceedings, laboratory results where the Clinical Laboratory Improvement Act (CLIA) disallows the right to use, or any data in the custody of certain research laboratories. The information incorporated in the right of access may be denied if the covered entity deems that it could cause harm to the patient or another person. In this case, the patient can ask for a second opinion from a licensed health care professional (United States Department of Health and Human Services 12). Realistic fees for copying and postage may be charged by covered entities.

2. Under what circumstances can health information be used for purposes unrelated to health care?
Based on the OCR Privacy Brief of the United States Department of Health and Human Services (pp. 6-9), situations wherein health information can be used for other reasons are as follows:
1. Required by Law
2. Public Health Activities
3. Victims of Abuse or Domestic Violence
4. Health Oversight Activities
5. Judicial and Administrative Proceedings
6. Law Enforcement Purposes
7. Decedents
8. Cadaveric Organ, Eye or Tissue Donation
9. Research
10. Serious Threat to Health or Safety
11. Essential Government Functions
12. Workers’ Compensation

3. Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?
Yes, there are certain requirements for covered entities to have written privacy policies. This generally contains an account of the staff or personnel who has access to the protected information, how the information will be used, and when or under what circumstance should it be disclosed (U.S. Department of Health and Human Services 2). Covered entities must likewise make sure that business associates who have the right to use any protected information must be bound by the agreement for the restrictions and utilization of said information (U.S. Department of Health and Human Services 2).

4. How will employees in the medical office have to be trained regarding privacy (for example, who is responsible for training and record-keeping?) what is required of an employee who does not follow the privacy policy? When must employees be trained? In what manner?
Covered entities must educate their staff/employees regarding their privacy procedures and must train their entire workforce concerning its privacy policies and procedures which are compulsory for them to perform their tasks (United States Department of Health and Human Services 14). Likewise, covered entities must delegate an individual who will be accountable in seeing to it that the measures in disseminating protected information are followed properly (U.S. Department of Health and Human Services 3). Should covered entities find out that an employee has failed to or has violated to follow their privacy procedures strictly, a fitting disciplinary action must be taken against the said employee (U.S. Department of Health and Human Services 3). Read More