Hipaa Privacy Rule
Running head: HIT 105 RESEARCH PAPER
HIT 105 RESEARCH PAPER:
INVESTIGATING SPECIFIC REGULATIONS OF THE PRIVACY RULE AND OTHER REQUIREMENT OF HIPAA
Angela Giberti
92 Academy St
South Berwick, ME 03908
Student ID: 21307800
Law and Ethics, HIT 105
Research Project # 40903100
Abstract
As part of the requirements under HIPAA 1996, regulated by the Office for Civil Rights under the Department of Health and Human Services [HHS], federal guidelines must set a standard for the protection of individually identifiable health information (2003). These regulations and requirements are outlined under the Privacy Rule. Specifically, it addresses the use and disclosure of records and data by organizations subject to the privacy rule (aka covered entities), as well as outline the rights to knowledge and control over individuals’ medical information (HHS, 2003). The following is a discussion of particular aspects of the Privacy Rule as it relates to specified circumstances addressed.
Question 1: Does HIPAA affect patient’s access to his or her medical record? If so, what it the effect and procedure for obtaining records? HIPAA’s Privacy Rule specifically states that: “except in certain circumstances, individuals have the right to review and obtain a copy of their personal health information in a covered entity’s designated record set” (HHS, 2003, pg. 12). These exceptions include psychotherapy notes limited to counseling sessions that are separate from the medical notes, information compiled for legal proceedings, lab results in which the Clinical Laboratory Improvement Act prohibits access to, data involved in research in which the patient has waived consent to view, or in such situations as when the provider feels access could harm the individual or another (HHS, 2003 and SAMHSA, 2004). HHS (2003) extends these rights to access information to include a personal representative unless there is a strong belief that the personal representative is
HIT 105 RESEARCH PAPER:
INVESTIGATING SPECIFIC REGULATIONS OF THE PRIVACY RULE AND OTHER REQUIREMENT OF HIPAA
Angela Giberti
92 Academy St
South Berwick, ME 03908
Student ID: 21307800
Law and Ethics, HIT 105
Research Project # 40903100
Abstract
As part of the requirements under HIPAA 1996, regulated by the Office for Civil Rights under the Department of Health and Human Services [HHS], federal guidelines must set a standard for the protection of individually identifiable health information (2003). These regulations and requirements are outlined under the Privacy Rule. Specifically, it addresses the use and disclosure of records and data by organizations subject to the privacy rule (aka covered entities), as well as outline the rights to knowledge and control over individuals’ medical information (HHS, 2003). The following is a discussion of particular aspects of the Privacy Rule as it relates to specified circumstances addressed.
Question 1: Does HIPAA affect patient’s access to his or her medical record? If so, what it the effect and procedure for obtaining records? HIPAA’s Privacy Rule specifically states that: “except in certain circumstances, individuals have the right to review and obtain a copy of their personal health information in a covered entity’s designated record set” (HHS, 2003, pg. 12). These exceptions include psychotherapy notes limited to counseling sessions that are separate from the medical notes, information compiled for legal proceedings, lab results in which the Clinical Laboratory Improvement Act prohibits access to, data involved in research in which the patient has waived consent to view, or in such situations as when the provider feels access could harm the individual or another (HHS, 2003 and SAMHSA, 2004). HHS (2003) extends these rights to access information to include a personal representative unless there is a strong belief that the personal representative is
References: Flight, Myrtle. (2004). Law, Liability, and Ethics: for Medical Office Professionals (4th ed). Clifton Park, NY: Delmar Cengage Learning. Substance Abuse and Mental Health Service Administration. (2004, June). The Confidentiality of Alcohol and Drug Abuse Patient Records for Alcohol and Substance Abuse Programs. Retrieved from SAMHSA.gov United States Department of Health and Human Services. (2003). OCR Privacy Brief: Summary of the HIPAA Privacy Rule. Retrieved from www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacy summary.PDF United States Department of Health and Human Services. (2010). HHS.gov: Health Information Privacy. Retrieved from www.hhs.gov/ocr/privacy