The Health Insurance Portability and Accountability Act of 1996

The Health Insurance Portability and Accountability Act (HIPAA) established a set of national standards that protect medical records and give patients control over them. HIPAA therefore affects patients' access to their medical records. Patients should be able to see or obtain their own records and request corrections to their files as needed. The patient should ask their doctor for the medical record in writing. This way the patient has a record of the request and of important details such as the date it was made. It usually takes about 30 days to receive the copy of the medical record. In some cases the first copy is free, depending on whether it is picked up in person. Patients may be charged fees for additional copies because staff take time to gather, process, and mail the information to the patient. Because of HIPAA, patients have more access to and control over their medical records (OCR 2003).

According to HIPAA, patients' personal health information (PHI) is confidential and cannot be used or disclosed without proper authorization. However, some circumstances allow health information to be disclosed for purposes unrelated to healthcare: 1) required by law; 2) public health activities; 3) victims of abuse, neglect, or domestic violence; 4) health oversight activities; 5) judicial and administrative proceedings; 6) law enforcement purposes; 7) decedents; 8) cadaveric organ, eye, or tissue donation; 9) research; 10) serious threat to health or safety; 11) essential government functions; 12) workers' compensation; 13) risk of death or harm to oneself. These are the only circumstances in which a patient's medical records can be obtained without authorization (OCR 2003).

Covered entities are required to have written privacy policies. HIPAA requires that covered entities supply the individual with a written notice of the privacy policy. The things that need to be addressed in the privacy policy include: “the individual's rights and how they may implement his or her rights regarding the public health information, all the legal duties of the covered entity, description of disclosures allowed by HIPAA, description of the different types of allowed uses to disclose the PHI, including the disclosures that are required to be disclosed without the written consent or authorization of the individual, it should also include a separate statement for some PHI such as appointment reminders, different treatment options, and other services that may be of interest to the individual” (Sullivan 2005).

To comply with HIPAA, every employee needs training in all of the HIPAA procedures and policies so that they understand the confidentiality owed to all patients. Staff must be trained as soon as the training information is available; usually a set date is imposed. If there have been any new changes to the information, staff must be updated and trained within a reasonable time. The office usually has a trained Privacy Officer, who is typically responsible for making the training dates available and keeping a record of who attends and completes all required training (OCR 2003). If someone violates the privacy policy, the penalties can include fines and jail time. “The law can establish fines up to $100 for each civil violation and up to 10 years in jail” (Stein 2006).


Centers for Disease Control and Prevention (2003). HIPAA Privacy Rule and Public Health. Morbidity and Mortality Weekly Report, Vol. 52, pp. 1-12. Guidance from CDC and the U.S. Department of Health and Human Services (Apr 2003). June 11, 2009.

Office for Civil Rights (2003). HIPAA Privacy Rule: What Employers Need To Know.

Office for Civil Rights (2003). Summary of the HIPAA Privacy Rule. U.S. Department of Health and Human Services. Pp. 1-19.

Privacy Rights (Sept 2008). Privacy Rights Clearinghouse. June 21, 2009.

Stein, Rob. “Medical Privacy Laws Nets No Fines”. The Washington Post. June 2006, A1. June 21, 2009.

Sullivan, June M. HIPAA: A Practical Guide to the Privacy and Security of Health Data. New York, American Bar Association (2005). Pp. 7-8. June 21, 2009.

U.S. Department of Health and Human Services. Apr 3, 2003.