Indeed, HIPAA negatively affects patient’s access to medical records, since information may be withheld to those who have the right to obtain it because of the penalties imposed (United.., 2007). In fact several health care providers are unsure concerning the legalities of the Act (United.., 2007).
Furthermore, it negatively affects research as well because of the fact that HIPAA limits or controls the researchers’ responsibility or task to carry out “retrospective, chart-based research” (United.., 2007). In addition to that, HIPAA restricts researchers to “prospectively assess patients by getting in touch with them for the purpose of follow-up” (United.., 2007). Also, in terms of, “informed consent” forms, extensive detail on how privacy is safeguarded is necessitated making it more difficult for patients/subjects to understand before they could sign in, which usually ends in not doing so since they are not sure of what they will be signing on (United.., 2007).
Meanwhile, to be able to obtain medical records, HIPAA requires that a lawyer “provides a proof to the health care provider that the person who owns the record does not object to it being requested for release” (United.., 2007).
Purpose of Personal Health Information which are not Related to Health Care
“Protected health information” may be divulged or shared if it is needed by the “military and veterans; national security and intelligence division; protective services for the President of the United States, as well as, other dignitaries; and other correctional facility activities” (University.., 2007).
Requirements for Covered Entities to have Written Privacy Policies/Issues to be Addressed in the Policy
Covered entities are obliged to carry out written privacy policies and procedures concerning “protected health information” created by the law to act in accordance with the “standards, implementation specifications, etc” (Ohio.., n.d.). In addition to that, “policies and procedures should consider the size and type of activities that relate to protected health information” embarked on by the covered entity to guarantee that conformity will exist (Ohio.., n.d.). Also such policy should not be interpreted allow or justify a move which defy any other “standards, implementation specifications, etc” (Ohio.., n.d.).
Since the HIPAA training is compulsory, “all medical employees including physicians, researchers, dentists, nurses, as well as, employees who access, use, manage, control, disclose and or release protected health information should attend the training conducted by HIPAA” (Ohio.., n.d.). The forty-minute training conducted is web-based, which means that it may be taken anywhere, whether at home or at work (Ohio.., n.d.).
In cases where employees violate the law, the following will be carried out:
Ohio Hospital Association. (n.d.). POLICIES AND PROCEDURES SECTION 164.530(i)As Contained in the HHS Final HIPAA Privacy Rules. Retrieved September 17, 2007
United States Department of Health and Human Services. (2007). HIPAA. Retrieved
September 17, 2007 from http://www.hhs.gov/ocr/hipaa/
University of Michigan Health System. (2007). Notice of Privacy Practices. Retrieved
September 17, 2007 from