From the Summary of the HIPAA Privacy Rule United States Department of Health Human Services

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established the privacy rule that assured an individual’s health information was protected, provided, and promoted high quality health care.

The Major of HIPAA

The major goal of HIPAA is to limit access of an individual’s health information by creating a definition of which situations information may be used or disclosed by covered entities. A covered entity under the following circumstances may not use or disclose protected health information, unless privacy permits or is allowed by the individual who is the subject of the information( or the individual’s personal representative) which must be authorized in writing, except in emergency situations.

There are two situations in which covered entity must disclose protected health information :

(1) to individuals (or their personal representatives) when they request access to health information and permission has been given in writing,

(2) in an emergency medical situation when an individual is unable to give consent.

A covered entity is allowed but not

mandated to use and disclose protected health information, without an individual’s authorization, in the following situations:

A covered entity may disclose protected health information to the individual who is the subject of the information when it takes place in person as long as it is shared in a private setting.

The individual has the right to request that restricted use be used by a covered entity for treatment, payment or health care operations, to persons involved in the individual’s health care , during payment process of health care, and in situations of disclosure to notify family members or others about the individual’s general condition, location or event of death.

A covered entity may disclose protected health information for quality or competency assurance activities, fraud and abuse detection as well as compliance activities, if both covered entities have or had a relationship with the individual and the protected health information specifically pertains to the relationship between parties.

Without an individual’s authorization or permission health care information can be shared for the public interest as in the report of child abuse, domestic violence and neglect, and for prevention or control and to public health or other government authorities. This information may be shared with government authorities.

All covered health care providers must permit individuals to request their personal health care information on record and must accommodate reasonable requests by individuals as it relates to communications of protected health information.

A health plan must permit individuals to receive communications of protected health information from the health plan by alternative means or at alternative locations, if the individual clearly states that the disclosure of all or part of that information could endanger the individual.

The health care staff must share health care information and records with the patient in a private place. The health care staff cannot ask the patient information about themselves in open public settings such as a hall way , waiting rooms, in elevators, on the street, on shuttles, or in front of other patients in which they may over hear or over see private information.

The covered entity must be careful to treat a “personal representative” the same as the individual. Utmost respect must be used during the sharing of an individual’s personal protected health information, as well as the individual’s right under the rule. A person legally authorized to make health care decisions on an individual’s behalf or to act for a deceased individual or the estate is called a person’s representative. Exceptions can be made when a covered entity has a reasonable belief that the personal representative may be abusing or neglecting the individual or treating the person in such a manner as to cause harm. Parents are the personal representatives for their minor children in most cases. They are allowed access to their children’s medical record.

Disclosures and incidental use are permitted, so long as reasonable safeguards are applied to protect the individual’s information under HIPP A guidelines.

alSafe internet use must be

applied by health care staff at all times.

Individual health care information must be stored in secure files.

Memory sticks and portable computers must be secure.

Lock down cables must be used with all computers.

All computers must have antivirus protection in use and regularly updated.

Positive Impact-The HIPAA Act has given increased rights to the

patient in the form of personal health care information privacy.

HIPAA has given patients the right to access their own personal health care information.

HIPAA provides a detailed audit trail in order to track and identify times that patient information and records have been modified or accessed, this in turns raises the level of accountability and transparency.

Negative Impact-While direct cost to patients is minimal, the cost to

health care providers is significant and can strain and overburden already high budgets.

HIPAA in their complexity can be difficult to apply causing health information management professionals to misinterpret rules on a personal basis.

Studies by the Association of Academic Health Care Center has shown that HIPAA regulations create barriers to research that involve personal subjects because sharing of individual data is sometimes caught up in red tape or not allowed.

Negative Impact Continued.-The Executive Leadership Group of Vice

Presidents for Research of the Association of Academic Health Centers (AAHC) shows that the Privacy rule within HIPAA has serious and at times detrimental effects on biomedical research especially when applied to access of stored tissue and genetic datasets.

The HIPAA Act which went into effect on April 14th, 2003 despite some negative impacts on health care and research is a vast improvement over previous protection. It may need to be further addressed and modified in order to better support the speed in which research needs to allow for the develop of new drugs, and treatments of diseases. In addition the cost of implementing HIPAA at smaller hospitals and facilities needs to be offset with increased government assistance.

http://www.hhs.gov/ocr/hipaaOcr” Public Health” Guidance; CDC Public

Health and HIPAAhttp://smallbusiness.chron.com/positive-

negative-effects-hipaa-employment-laws 18500.ht