HIPAA refers to the Health Insurance Portability and Accountability Act. It is a federal law that requires that a patient’s personal health information be protected. It also provides for the physical and electronic security of any patient’s personal information regarding his or her health. In addition, HIPAA provides for the simplification of billing and other transactions related to a specific person.

How does HIPAA affect a patient’s to his or her medical records?

Since HIPAA is designed to protect a patient’s personal health information, HIPAA acts as a secondary database for the patient concerning the patient’s health. Because of this, HIPAA has a positive impact on the patient, since it prevents the disclosure of the person’s information to third parties without his or her full authorization. It thus gives patients more control over the use and subsequent disclosure of the information to third parties. In addition, HIPAA provides for civil and criminal actions against violators of its principles.

How do you get access to your records?

Every patient is supposed to fill in an application form with his or her personal information. After the forms are filled in, the details are put into an electronic format and the originals are stored. Upon filling in the forms, every patient is eligible to view the electronic record and to review or change it upon proving his or her identity. Patients can thus ask for copies of their medical records any time they want and change them if they so wish. Although they can change the information, some institutions can charge for those services.


Under what 12 circumstances can personal health information be used for purposes unrelated to health care?

1. Marketing

2. Research, especially involving limited data

3. Administrative and judicial proceedings in courts of law

4. Emergencies

5. Matters of national defense and security

6. Religious practices e.g. the clergy requirements

7. Treatment of similar illnesses

8. Taxation

9. Identification of the bodies of deceased persons

10. Identification of the cause of death

11. Public health needs

12. Law enforcement activities, although on a limited scale

Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?

According to the privacy rule, all covered entities should have written privacy procedures. This written policy should describe the staff who have access to protected patient health information. In addition, the policy should detail how the information is to be used, as well as the circumstances that could allow them to disclose the information to third parties with or without the patient’s consent. Beyond this, covered entities generally should make sure that their business partners who might have the same information are governed by the same policy on how to use the protected information and how and when to disclose it.

In addition, the privacy rule ensures that pharmacies, doctors, health plans and other covered entities have their own policies that help to protect the confidential nature of patient information.


These requirements are, however, flexible, to allow these covered entities to perform their services with more ease.

Other situations may allow covered entities to disclose or share information as long as it is limited to the reasonable minimum needed for a particular purpose.

How will employees in the medical office have to be trained regarding privacy?

All medical offices, as well as all covered entities, must train their staff on the privacy procedures. This not only addresses accidental disclosure of confidential information but also provides a legal basis for bringing a lawsuit against employees or institutions within the covered entities that overlook the privacy rule. Covered entities should take disciplinary action against employees who overlook this rule.

What is required if an employee does not follow the privacy policy?

Anybody who does not protect the patient’s privacy can lose his or her job, be made to pay fines ranging from $50,000 to $250,000, be sentenced in a court of law and imprisoned for a term of up to ten years, or face a combination of any of the above.


When must employees be trained? In what manner?

There is no specific time at which employees should be trained, because learning is a continuous process. Thus, employers should make sure that employees are trained on new aspects of the field on an ongoing basis.

In the initial stages, universities have their role to play in ensuring that HIPAA is implemented successfully. Thus, all students in medical schools will have to be trained on the requirements of HIPAA before they graduate. This will make it easier for medical practitioners as well as other covered entities to carry out their work with caution.


