Question

Question set #1:

You are interested in the extent to which clients’ rights to privacy are respected and protected in a community health care agency and the extent to which the agency complies with the requirements of HIPAA. What questions should you ask? What makes those questions essential in your practice?

Example (question): To what extent are the written and electronic communications of the agency protected from people who have no authority to access that information?

Answer 1

The following is a statement of rights and responsibilities of all Health and Counselling Services clients.

Clients have the right to:

• receive humane care and treatment, with respect and consideration
• privacy and confidentiality when seeking or receiving care except for life threatening situations or conditionsconfidentiality of your health records
• receive accurate information concerning diagnosis, treatment, risks, and prognosis of an illness or health condition
• ask about reasonable alternatives to care at HCS or outside facilities
• a second professional opinion regarding diagnosis or treatment
• participate actively in decisions regarding one’s healthcare and treatment
• accessible information regarding the scope and availability of services
• be informed about any legal reporting requirements regarding any aspect of screening or treatment
• a copy of the medical record upon request and written authorization
• file a complaint with the director of HCS regarding any concerns related to the privacy, confidentiality or security of your medical record review and amend your medical record
• revoke your authorization to release except to the extent that action has not already been taken
• a copy of any fees and charges related to your visit

The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Through a series of interlocking regulatory rules, HIPAA compliance is a living culture that health care organizations must implement into their business in order to protect the privacy, security, and integrity of protected health information. Learn more about how to become HIPAA compliant with Compliancy Group’s software solutions.

Despite the intentionally vague HIPAA requirements, every Covered Entity and Business Associate that has access to PHI must ensure the technical, physical and administrative safeguards are in place and adhered to, that they comply with the HIPAA Privacy Rule in order to protect the integrity of PHI, and that – should a breach of PHI occur – they follow the procedure in the HIPAA Breach Notification Rule.

The Electronic Communications Privacy Act (ECPA)is a law that specifies it is illegal to tap, or capture communication, over wires. In addition to the ECPA there are also state laws that cover wiretapping legality. For researchers the important thing to understand about these laws is consent. To legally capture electronic communication requires consent. Whose consent depends upon which legal jurisdiction under which your research falls. Some states require dual consent, which means that all communicating parties must consent to the data capture, but others only require single consent, where only one of the communicating parties has to consent. As a lot of cyber security research includes electronic communications it is important to be aware of these laws.