The HIPAA privacy regulations govern the use and disclosure of “protected health information” or PHI. The HIPAA requirements apply to any uses or disclosures of PHI through electronic, written or oral communications (Sfikas, 2002, p. 1). HIPAA affects everyone else’s access to patient’s medical records however the patient’s access is not affected at all. Family member may act as representative nevertheless, HIPAA authorization is a requirement. Patient may authorize spouse or attorney.
Personal health information can be used for purposes unrelated to health care, including information obligated by federal law in collaboration with the Department of Health and Human Services and personal information that may be utilized by a correctional institution which may be necessary for one’s health care and safety, and for health, safety and security of others in the institution (“Understanding”, 2003). Health information of patient who were employed as armed forces personnel may be released to military officials depending on certain circumstances.
Also used for issues concerning abuse, neglect or domestic violence. Medical information may be revealed to family members, friend or other person not related to the patient as long as it is necessary to provide assistance to healthcare or matters relating to payment of healthcare. It may be used for statistics and research of government agencies, laws concerning workers’ compensation, fundraising programs, disease and injury prevention organized by health authorities, diagnostic tests and financial audits of business partners and follow-up appointment.
There are requirements for covered entities to have written privacy policies, it must be in plain language and must include effective date, contact person, manner on filing complaints, kinds of uses of information that are allowed and not allowed, legal duties of covered entity and explanation of individual rights. HIPAA privacy training can be provided to new and existing employees through online course or seminar. It must be offered to employees within a reasonable time after a person is hired in the company.HIPAA violation would cost an individual $100 to $25,000 per year.
References
HIPAA – Health Insurance Portability And Accountability Act Of 1996, (1996), Brigham Young University, p. 1. Sfikas, Peter M. (2002). New requirements for protecting patients’ health information. Journal of the Ameriacan Dental Association, 133, 12. Understanding your health record information. (2003, April 14). Mabel Wadsworth Women’s Health Center, p. 1.