HIPAA

Patient’s information is utmost private. However, in the past there has been abuse and wrong use of this information. To curb the spread of the unethical behavior, Federal Law was enacted to be the voice of the people through establishment of legislation that dictates the use of patient’s information and avenues for punishment if the laws are broken. This paper aims at investigating and analyzing the understanding of the patient’s rights, complaint procedures, and health provider’s responsibility and jurisdiction. In essence, it is important for anyone in the medical sector to understand this as an essential principle and professional code of behavior.

HIPAA gives a patient full access to any medical documents that may be held in hard or soft copy. In that case, the client is entitled to have access upon request. For other parties, the regulation gives a consideration to family members, unless the patient states otherwise. In another capsule to the legislation employers, marketing agencies and other third parties do not have any mandate to ask or view patient’s information, unless it is approved by the patient (Health and Human services, 2012). In case any rights captured in the clauses are violated, the patient can file a complaint in two ways. The first one is to the company or service provider directly, while the second is through the government Office of Civil Rights (OCR) in the Health and Human services department (HHS).

As mentioned, there is a means of settling dispute through the OCR. In this method, anyone with an allegation of health information can seek justice through this means. However, unless there is a pressing need and worthy reason, any complaint should be considered in the period not exceeding 180 days since the occurrence of the violations. There are the electronic way and the conventional way. In the electronic way, upon getting the complaint form from the http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html link, the written complaint has to capture the name of the “Covered entity” and a detailed description of the action that allegedly violate the health information policy, and this is sent by e-mail without a need for a signature. Similarly, in the conventional method, one can either download the form or pick one from a regional OCR office and engage in the same procedure, only this time signing is imperative, and it is sent to the regional OCR by mail or fax.

A breach occurs when un-authorized use of information captured in the health information policy and termed unsecure for the undetermined usability of people who are not authorized takes place. In that case, the covered entity should notify the patient of the breach via first class mail or e-mail depending on authorization, via the secretary, and in exceptional circumstances, via the media. In case contacts are outdated or not available, notice is allowed via telephone. Media can be used as a last resort and if the breach affects many people. In all cases, the secretary through the HHS website must be informed by the entities. A timeline has to be set at or before the period of 60 days from the day of breach elapses.

After filing a complaint, the verification of the details pertaining to the issue takes center stage as a part of the larger investigation process. At this stage, they check for the effective days of the occurrence within the stipulated time frame, whether the organization is a covered entity, and whether the activity violated the privacy or security rules of HIPAA. If the matter is worth consideration, it is taken up by OCR. In the investigation, if the incident only violates the privacy and security clauses of the law, OCR takes full responsibility in the investigation (CIPP guide, 2012). However, if the matter involves other forms of crime not captured by HIPAA, the Department of Justice is invoked to take action on the accused. Hearings are arranged for the cases ranging from the OCR committees and court summons. In that case, punishment includes imprisonment and fines, depending on the gravity of the matter and the category in which it fits. Fines range from $100 per violation to $50,000 (Hipaaviolations.com, 2012). Imprisonment varies with the violation and Federal law, in case it falls outside the jurisdiction of HHS.