The HIPAA Privacy Rule establishes regulations to protect individuals' personal health information. It limits who can access health information without the individual's consent and defines situations where information may be disclosed, such as for treatment or in emergencies. The goal is to balance privacy protections with effective healthcare operations.
2. From the Summary of the
HIPAA Privacy Rule
United States Department
of Health Human Services
The Health Insurance
Portability and
Accountability Act of 1996
(HIPAA) established the
privacy rule that assured
an individual’s health
information was protected,
provided, and promoted
high quality health care.
3. The Major of HIPAA
The major goal of HIPAA is to limit access
of an individual’s health information by
creating a definition of which situations
information may be used or disclosed by
covered entities. A covered entity under the
following circumstances may not use or
disclose protected health information,
unless privacy permits or is allowed by the
individual who is the subject of the
information( or the individual’s personal
representative) which must be authorized
in writing, except in emergency situations.
There are two situations in which covered
entity must disclose protected health
information :
(1) to individuals (or their personal
representatives) when they request access
to health information and permission has
been given in writing,
(2) in an emergency medical situation when
an individual is unable to give consent.
4. A covered entity is allowed but not
mandated to use and disclose protected
health information, without an individual’s
authorization, in the following situations:
A covered entity may disclose protected
health information to the individual who is
the subject of the information when it takes
place in person as long as it is shared in a
private setting.
The individual has the right to request that
restricted use be used by a covered entity
for treatment, payment or health care
operations, to persons involved in the
individual’s health care , during payment
process of health care, and in situations of
disclosure to notify family members or
others about the individual’s general
condition, location or event of death.
5. A covered entity may disclose Without an individual’s
protected health information for authorization or permission
quality or competency assurance health care information can be
activities, fraud and abuse shared for the public interest as
detection as well as compliance in the report of child abuse,
activities, if both covered domestic violence and neglect,
entities have or had a and for prevention or control
relationship with the individual and to public health or other
and the protected health government authorities. This
information specifically pertains information may be shared with
to the relationship between government authorities.
parties.
6. All covered health care providers
must permit individuals to request The health care staff must share health
their personal health care care information and records with the
information on record and must patient in a private place. The health care
accommodate reasonable requests staff cannot ask the patient information
by individuals as it relates to about themselves in open public settings
communications of protected health such as a hall way , waiting rooms, in
information. elevators, on the street, on shuttles, or in
A health plan must permit front of other patients in which they may
individuals to receive over hear or over see private information.
communications of protected health
information from the health plan by
alternative means or at alternative
locations, if the individual clearly
states that the disclosure of all or
part of that information could
endanger the individual.
7. The covered entity must be careful to treat a
“personal representative” the same as the
individual. Utmost respect must be used
during the sharing of an individual’s
personal protected health information, as
well as the individual’s right under the rule.
A person legally authorized to make health
care decisions on an individual’s behalf or to
act for a deceased individual or the estate is
called a person’s representative. Exceptions
can be made when a covered entity has a
reasonable belief that the personal
representative may be abusing or
neglecting the individual or treating the
person in such a manner as to cause harm.
Parents are the personal representatives for
their minor children in most cases. They
are allowed access to their children’s
medical record.
8. Disclosures and incidental use
are permitted, so long as
reasonable safeguards are
applied to protect the
individual’s information under
HIPP A guidelines.
9. al
Safe internet use must be applied by
health care staff at all times.
Individual health care information
must be stored in secure files.
Memory sticks and portable
computers must be secure.
Lock down cables must be used with
all computers.
All computers must have antivirus
protection in use and regularly
updated.
10. Positive Impact-
The HIPAA Act has given increased rights to the patient in
the form of personal health care information privacy.
HIPAA has given patients the right to access their own
personal health care information.
HIPAA provides a detailed audit trail in order to track and
identify times that patient information and records have
been modified or accessed, this in turns raises the level of
accountability and transparency.
11. Negative Impact-
While direct cost to patients is minimal, the cost to health
care providers is significant and can strain and overburden
already high budgets.
HIPAA in their complexity can be difficult to apply causing
health information management professionals to
misinterpret rules on a personal basis.
Studies by the Association of Academic Health Care Center
has shown that HIPAA regulations create barriers to
research that involve personal subjects because sharing of
individual data is sometimes caught up in red tape or not
allowed.
12. Negative Impact Continued.-
The Executive Leadership Group of Vice Presidents for
Research of the Association of Academic Health
Centers (AAHC) shows that the Privacy rule within
HIPAA has serious and at times detrimental effects on
biomedical research especially when applied to access
of stored tissue and genetic datasets.
13. The HIPAA Act which went into effect on April
14th, 2003 despite some negative impacts on health
care and research is a vast improvement over
previous protection. It may need to be further
addressed and modified in order to better support
the speed in which research needs to allow for the
develop of new drugs, and treatments of diseases.
In addition the cost of implementing HIPAA at
smaller hospitals and facilities needs to be offset
with increased government assistance.