Effect of HIPAA to Patient’s Access of Medical Records/Procedure for Obtaining Medical Records

Indeed, HIPAA negatively affects patient’s access to medical records, since information may be withheld to those who have the right to obtain it because of the penalties imposed (United.., 2007). In fact several health care providers are unsure concerning the legalities of the Act (United.., 2007).

Furthermore, it negatively affects research as well because of the fact that HIPAA limits or controls the researchers’ responsibility or task to carry out “retrospective, chart-based research” (United.., 2007). In addition to that, HIPAA restricts researchers to “prospectively assess patients by getting in touch with them for the purpose of follow-up” (United.., 2007). Also, in terms of, “informed consent” forms, extensive detail on how privacy is safeguarded is necessitated making it more difficult for patients/subjects to understand before they could sign in, which usually ends in not doing so since they are not sure of what they will be signing on (United.., 2007).

Meanwhile, to be able to obtain medical records, HIPAA requires that a lawyer “provides a proof to the health care provider that the person who owns the record does not object to it being requested for release” (United.., 2007).

Purpose of Personal Health Information which are not Related to Health Care

 “Protected health information” may be divulged or shared if it is needed by the “military and veterans; national security and intelligence division; protective services for the President of the United States, as well as, other dignitaries; and other correctional facility activities” (University.., 2007).

Requirements for Covered Entities to have Written Privacy Policies/Issues to be Addressed in the Policy

Covered entities are obliged to carry out written privacy policies and procedures concerning “protected health information” created by the law to act in accordance with the “standards, implementation specifications, etc” (Ohio.., n.d.). In addition to that, “policies and procedures should consider the size and type of activities that relate to protected health information” embarked on by the covered entity to guarantee that conformity will exist (Ohio.., n.d.). Also such policy should not be interpreted allow or justify a move which defy any other “standards, implementation specifications, etc” (Ohio.., n.d.).

Training of Medical Employees with Regards to Privacy Policy

Since the HIPAA training is compulsory, “all medical employees including physicians, researchers, dentists, nurses, as well as, employees who access, use, manage, control, disclose and or release protected health information should attend the training conducted by HIPAA” (Ohio.., n.d.). The forty-minute training conducted is web-based, which means that it may be taken anywhere, whether at home or at work (Ohio.., n.d.).

Consequences Brought about by Instances wherein Employees Do Not Follow the Privacy Policy

In cases where employees violate the law, the following will be carried out:

If the employee violated the privacy policy unintentionally, it is required that “the privacy officer and employee will review the policy and discuss the violation” (Ohio.., n.d.). Immediately after that, whatever violation the employee committed, it will be kept on record in the “individual’s personnel file” (Ohio.., n.d.). If the employee defies such violation three times then he or she will undergo the process of “progressive discipline” (Ohio.., n.d.).

Also, if the employee intentionally violated the privacy policy, the Chief of Hospital or Medical Director will be the one to decide on the succeeding consequences, which may be in oral or written form or warning “for a first offense up to and including dismissal for any subsequent offenses” (Ohio.., n.d.).


Ohio Hospital Association. (n.d.). POLICIES AND PROCEDURES SECTION 164.530(i)As Contained in the HHS Final HIPAA Privacy Rules. Retrieved September 17, 2007

from http://www.bricker.com/legalservices/practice/hcare/hipaa/164.530i.asp

United States Department of Health and Human Services. (2007). HIPAA. Retrieved

September 17, 2007 from  http://www.hhs.gov/ocr/hipaa/

University of Michigan Health System. (2007). Notice of Privacy Practices. Retrieved

September 17, 2007 from