The HIPAA Privacy Standards

The health insurance portability and accountability (HIPAA) act was   enacted by the US congress accented to by Bill Clinton in 1996. The main aim of this insurance cover was to protect workers and families when they change or lose their job. Therefore, this research paper will focus on the enforcement of this Act so that it effectively benefits the United States citizens.

There are certain procedures that an individual is required to follow such as HIPAA in order to get access own medical records from a covered entity. HIPAA in this case maintains health records of those people who are under its protection. If a covered individuals wants to access, his or her medical records there are laid down procedures to follow which are under the HIPAA privacy regulations. It is exceedingly clear that individuals under the cover access to medical records apply if only the information in the medical records is within the defined protected health information. Under the act, health information is extensively defined.

However, consumers under the act have access to their health records if there is health to identify them individuals. Covered individuals under this HIPAA privacy regulation are required to abide to stated deadlines for responding to requests for medical records. There are also established procedures to review denials of these requests. Protected health procedures are given in writing. In the sense of a denial to its access, an individual under the cover has a right to file a complaint with the health human service’s office of civil rights in the United States. Therefore, affections of individuals to access protected health information about them under the HIPAA privacy rule (, 2012).

In case, an individual feels that his or someone else rights were violated they have a right to file a complaint with the health rights department. The complaints go direct to this department where they investigate it against a number of different entities. These entities include the following, pharmacy chain, outstanding medical centers, hospital chains, group of health plans and small offices providers. The complaints must meet the following. Filled in writing, bear the name of a covered entity as well as descriptions of the acts believed to have been violated. Finally, it should be filled within a span of 180 days although with a good cause the deadline can extend

In case of a breach of unsecured protected health, information, notifications of such a breach has to be provided to the affected individuals by the covered entities. In addition, it is the business associates duty to notify covered entities of a breach occurrence. In such a case, individual notices are written by first class mail or Incase covered entity has a problem out of date contact it posts the notice in the home page of its website. Covered entities other times provide notice broadcast or serious prints in the residing areas of the affected individuals.  Press release notifications are for affected individuals exceeding 500 people although the secretary of breaches has to notify first. Notification to the secretary has to be done by filling a breach report from the HHS web site and sending it electronically. These notices provide protection information and the steps the covered entity has taken to curb the problem.

When OCR finds out that, evidence of violations it accepts a complaint for investigation. OCR then informs the covered entity whose name appears in the complaint form together with the person who filled it. These two parties are required to present information on the described problem and accident details. OCR may also request for information in order to get a clear understanding of the facts. What follows is that OCR reviews the information that it gathers (Havins & Testolin, 2004). With the gathered information, one can determine whether the covered entity violated the security rule or not and acts in accordance with the set standards. The next step is to derive a solution, which notifies the complaint accordingly, and the covered entity is required to take a proposed action to resolve the problem.

Parties such as Department of justice CMPs are involved in the investigations. Department of justice comes in when OCR finds a complaint description in line with violation of criminal provisions of HIPAA. In case, a covered entity fails to take the recommended actions by OCR the CMPs is involved. Through the imposition of these penalties, covered entity may request a hearing with HHS where a law judge decides on the effectiveness of the case concerning the penalties.

Order now

Related essays