The article presents detailed information on how the Health Information Portability and Accountability Act of 1996 (HIPAA) affects health care organizations guided by the laws and the patients that these facilities serve. HIPAA regulations were enacted to offer further security of an individual's protected health information (PHI) such as social security number, date of birth, medical history to include previous or on going illnesses, past surgical interventions or genetic disorders to name a few. The rules were designed to determine how and when a patient's information could be disclosed. As stated by Rosati (2002) "the covered entities are not required to guarantee the privacy of PHI; rather, they must make "reasonable" efforts to protect the confidentiality and security of that information." (Para. 10).
The article provides explicit information regarding instances when an individual's PHI may be used with and without their permission. Rosati (2002) further provides detailed advise as to what information must be provided on an authorization form in-order to comply with the rules.
Additionally, the useful account describing the circumstances under which a "covered entity" may access a patient's PHI without their consent is discussed. This is very appropriate data and serves to address fears of health professionals who may treat patients in emergency situations who are unable to obtain consent.
This is especially a hot topic with health care providers following exposure due to a needle stick incident or other exposure to blood borne infections. What avenue do employees have in requesting the health information of the patient to ensure their own safety? The HIPAA regulations clarify that only with the permission of the patient can the exposed employee have access to the patients PHI. However, there are loop holes that allow the employee to circumvent the rules, with the facility having the right to...