HIPAA Privacy Rule
The HIPAA privacy rule protects personal health information held by covered entities and gives patients an array of rights with respect to that information (DHS, 2012). Health information cannot be used or disclosed without proper authorization by the patient or, for minors, a legal guardian.
Covered Entities
Covered entities are health care providers, health plans, and health care clearinghouses. Health care providers are doctors, clinics, psychologists, dentists, chiropractors, and other health care professionals.
Protected Health Information
The privacy rule protects all "individually identifiable health information" held or transmitted by a covered entity in any form or media, whether electronic, paper, or oral (DHS, 2012). The principle behind the privacy rule is to limit the use and disclosure of protected health information (PHI).
Breach of Confidentiality
A breach of confidentiality is a disclosure of information to a third party without patient consent or a court order (AMA, 2012). Patient information can only be released with the patient's written or verbal consent. HIPAA permits release without authorization only to facilitate treatment or health care operations (AMA, 2012).
Enforcement and Penalties
HHS (2003) imposes a civil penalty of $100 per failure, which may not exceed $25,000 per year. Criminal penalties are $50,000 and up to one year of imprisonment for HIPAA violations, $100,000 with five years for false pretenses, and $250,000 with ten years for using or selling PHI.
Safeguarding and Security
Sensitive patient information should have security controls. Staff should turn off the computer or log off when not using it. Patient information should not be discussed in hallways or elevators. Access to information should be granted according to the work involved.