Research Assignment

Name : Date : July 2 , 2007

Subject : Law Ethics in Medicine

The HIPAA Privacy Standards

1a ) Does HIPAA affect the patient 's access to his or her medical records

Yes , the Privacy Rule ensures a national floor of privacy protections for patients by limiting the ways that health plans , pharmacies hospitals and other covered entities can use patients ' personal medical information . The regulations protect medical records and other individually identifiable health information , whether it is on , in computers or communicated orally

1b ) If so , describe the effect and the procedure

for obtaining access

Patients generally should be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes . Health plans , doctors , hospitals , clinics , nursing homes and other covered entities should provide access these records within 30 days and may charge patients for the cost of copying and sending the records

Covered health plans , doctors and other health care providers must provide a notice to their patients how they may use personal medical information and their rights under the new privacy regulation . Doctors hospitals and other direct-care providers generally will provide the notice on the patient 's first visit and anytime thereafter upon request Patients generally will be asked to sign , initial or otherwise acknowledge that they received this notice . Health plans generally must mail the notice to their enrollees upon initial enrollment and again if the notice changes significantly . Patients also may ask covered entities to restrict the use or disclosure of their information beyond the practices included in the notice , but the covered entities would not have to agree to the changes

2 ) Under what circumstances can personal health information are used for purposes unrelated to health care

Covered entities may use or share only the minimum amount of protected information needed for a particular purpose . In addition , patients would have to sign a specific authorization before a covered entity could release their medical information to a life insurer , a bank , a marketing firm or another outside entity for purposes not related to their health care

3 ) Are there requirements for written privacy policies ? If so , what has to be addressed in the policy

The rule requires covered entities to have written privacy procedures including a of staff that has access to protected information , how it will be used and when it may be disclosed . Covered entities generally must take steps to ensure that any business associates who have access to protected information agree to the same limitations on the use and disclosure of that information

4 ) How will employees in the medical office have to be trained regarding privacy ? What is required if an employee doesn 't follow the privacy policy

HHS ' Office for Civil Rights (OCR ) oversees and enforces the new federal privacy regulations . Led by OCR , HHS has issued extensive guidance and technical assistance materials to make it as easy as possible for covered entities to comply with the new requirements . Key elements of OCR 's outreach...