From the Summary of the HIPAA Privacy Rule United States Department of Health Human Services The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established the privacy rule that assured an individual’s health information was protected, provided, and promoted high quality health care.
The Major of HIPAA The major goal of HIPAA is to limit access of an individual’s health information by creating a definition of which situations information may be used or disclosed by covered entities. A covered entity under the following circumstances may not use or disclose protected health information, unless privacy permits or is allowed by the individual who is the subject of the information( or the individual’s personal representative) which must be authorized in writing, except in emergency situations. There are two situations in which covered entity must disclose protected health information : (1) to individuals (or their personal representatives) when they request access to health information and permission has been given in writing, (2) in an emergency medical situation when an individual is unable to give consent.
A covered entity is allowed but not mandated to use and disclose protected health information, without an individual’s authorization, in the following situations: A covered entity may disclose protected health information to the individual who is the subject of the information when it takes place in person as long as it is shared in a private setting. The individual has the right to request that restricted use be used by a covered entity for treatment, payment or health care operations, to persons involved in the individual’s health care , during payment process of health care, and in situations of disclosure to notify family members or others about the individual’s general condition, location or event of death.
A covered entity may disclose Without an individual’s protected health information for authorization or permission quality or competency assurance health care information can be activities, fraud and abuse shared for the public interest as detection as well as compliance in the report of child abuse, activities, if both covered domestic violence and neglect, entities have or had a and for prevention or control relationship with the individual and to public health or other and the protected health government authorities. This information specifically pertains information may be shared with to the relationship between government authorities. parties.
All covered health care providers must permit individuals to request The health care staff must share health their personal health care care information and records with the information on record and must patient in a private place. The health care accommodate reasonable requests staff cannot ask the patient information by individuals as it relates to about themselves in open public settings communications of protected health such as a hall way , waiting rooms, in information. elevators, on the street, on shuttles, or in A health plan must permit front of other patients in which they may individuals to receive over hear or over see private information. communications of protected health information from the health plan by alternative means or at alternative locations, if the individual clearly states that the disclosure of all or part of that information could endanger the individual.
The covered entity must be careful to treat a “personal representative” the same as the individual. Utmost respect must be used during the sharing of an individual’s personal protected health information, as well as the individual’s right under the rule. A person legally authorized to make health care decisions on an individual’s behalf or to act for a deceased individual or the estate is called a person’s representative. Exceptions can be made when a covered entity has a reasonable belief that the personal representative may be abusing or neglecting the individual or treating the person in such a manner as to cause harm. Parents are the personal representatives for their minor children in most cases. They are allowed access to their children’s medical record.
Disclosures and incidental use are permitted, so long as reasonable safeguards are applied to protect the individual’s information under HIPP A guidelines.
alSafe internet use must be applied by health care staff at all times. Individual health care information must be stored in secure files. Memory sticks and portable computers must be secure. Lock down cables must be used with all computers.All computers must have antivirus protection in use and regularly updated.
Positive Impact- The HIPAA Act has given increased rights to the patient in the form of personal health care information privacy. HIPAA has given patients the right to access their own personal health care information. HIPAA provides a detailed audit trail in order to track and identify times that patient information and records have been modified or accessed, this in turns raises the level of accountability and transparency.
Negative Impact- While direct cost to patients is minimal, the cost to health care providers is significant and can strain and overburden already high budgets. HIPAA in their complexity can be difficult to apply causing health information management professionals to misinterpret rules on a personal basis. Studies by the Association of Academic Health Care Center has shown that HIPAA regulations create barriers to research that involve personal subjects because sharing of individual data is sometimes caught up in red tape or not allowed.
Negative Impact Continued.- The Executive Leadership Group of Vice Presidents for Research of the Association of Academic Health Centers (AAHC) shows that the Privacy rule within HIPAA has serious and at times detrimental effects on biomedical research especially when applied to access of stored tissue and genetic datasets.
The HIPAA Act which went into effect on April 14th, 2003 despite some negative impacts on health care and research is a vast improvement over previous protection. It may need to be further addressed and modified in order to better support the speed in which research needs to allow for the develop of new drugs, and treatments of diseases. In addition the cost of implementing HIPAA at smaller hospitals and facilities needs to be offset with increased government assistance.