HIPAA Compliance Case Study

In regard to the first question of the assignment, HIPAA does not affect the patient’s access to their own medical records. The patient, with presentation of identification, should be able to obtain copies of their medical records, as well as request a correction to any errors on their records. Doctors or medical facilities should then provide access to the patient’s records within 30 days following the patient’s request and may charge the patient for copying and sending their records to them. If a patient has someone else, whether immediately related to them or not, pick such documents up from a doctor’s office, the patient must have provided a signed release of medical information to the doctor so that person can have access…
The covered person(s) must have and apply appropriate action against employees who violate its privacy policies and procedures or the privacy rule. HHS will seek the cooperation of all covered bodies and may provide technical assistance to help them comply voluntarily with the privacy policy and its rules. HHS may impose civil money penalties on a covered individual of $100.00 per failure to comply with a privacy rule requirement. The penalty may not exceed $25,000 per year for multiple violations in a single calendar year. A person who deliberately obtains or discloses an individual’s health information in violation of HIPAA faces a fine of $50,000 as well as up to one year of prison time. Criminal penalties increase to $100,000 and up to five years of prison time if the wrongful conduct involves false pretenses, and to $250,000 and up to ten years of imprisonment if the wrongful conduct involves intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm. Criminal sanctions are enforced by the Department of Justice. All employees must be trained immediately after they receive the job. Usually the head of the department, someone who has perfect knowledge of the HIPAA rules and regulations, trains the employees. The above research has concluded that there are many requirements and processes that one must go through to abide by HIPAA’s privacy policy. The consumer, i.e. the patient, can obtain a copy of their own medical records for personal purposes such as transferring doctors. Employees of a medical facility must comply with the privacy rules in accordance with the office in which they