HIPAA Privacy Standards

The Health Insurance Portability and Accountability Act (HIPAA) was enacted on 21st August 1996 and aimed at delivering efficient health care while protecting the privacy of patients’ medical records. The act promulgates national standards concerning access to patients’ health information. According to the HIPAA privacy standards, the patient has the right to have their medical information kept private (Annas, 1486). The doctrine clearly states that nobody has the right to access a patient’s medical information unless the patient gives authority. On the other hand, the patient is allowed not only to have unlimited access to their medical records but also to obtain copies and correct the information (Annas, 1486). Patients who believe their rights have been breached are advised to file complaints at the Office for Civil Rights (OCR).

To file a complaint, a patient should either send an e-mail or fax to the OCR or use its complaint portal. When submitting the claim, the patient should name the entity involved in the breach and describe the particular acts of violation. Filing is also time sensitive, since the patient should file the complaint within 180 days. The HIPAA Breach Notification Rule requires entities to notify patients in case of a breach of unsecured protected medical records. The entity should provide the notice through e-mails or class mails electronically. In case of outdated or invalid patient contact information for more than ten people, the entity should post on the homepage of its website within 90 days about where the patients can get more information about the breach. For fewer than ten people, the notice can be in the form of a written notice by phone. All these notifications should be issued within 60 days.

OCR is responsible for enforcing the HIPAA privacy rules, and when a complaint is filed, it conducts an investigation that follows a set process. OCR first notifies the complainant and the involved organization. After that, both parties are requested to present relevant information concerning the problem so that the facts can be analyzed. If the claim describes an act that is a probable violation, OCR refers the breach to the Department of Justice, the other agency that gets involved in OCR investigations, for further investigation. On the other hand, if the act does describe a violation, then OCR resolves the specific case through resolution agreements, corrective action, and voluntary compliance. The maximum penalty for a HIPAA violation is up to $1.5 million or a ten-year imprisonment sentence, and the minimum is $50,000 or a one-year sentence per deliberate breach.



Annas, George J. “HIPAA regulations-a new era of medical-record privacy?.” New England Journal of Medicine 348.15 (2003): 1486-1490.
