Essay Sample on Protecting Health Info & Public Safety: HIPAA Rules & Business Associates

Introduction

Cognizant of the need for authorized entities to access protected health information and the importance of public health reports in the identification of threats to health and safety of the public, the HIPAA Privacy Rule permits covered entities to disclose protected health information without authorization for specified public health purposes (Iguchi et al., 2018). Moreover, the rule requires that business associates engaged by covered entities should disclose their activities when needed for public health reasons (Joshi et al., 2016).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Public Health Authority

A “public health authority” refers to any agency authority at the federal, state, or local level that is responsible for public health matters as part of its official mandate. Persons or entities acting under a grant of authority from, or under a contract with, a public health agency also fall under the same category (Cohen & Mello, 2018). While covered entities are generally required to limit the protected health information disclosed for public health purposes to the minimum amount necessary to accomplish the public health purpose, they are not required to make a minimum necessary determination for public health disclosures that are made according to an individual’s authorization, or for disclosures that are required by other law.

Privacy Officer Responsibilities

The responsibilities and expectations of Privacy Officer vary according to the size of their organization and the amount of PHI they process. Since they have a good understanding of the law, they are tasked with identifying and evaluating potential threats to the confidentiality of PHI. After identifying the threats, they are then required to develop standards, policies, guidelines, and procedures to minimize the threats and enhance the protection of PHI. They also implement training for the incoming and existing employees since training is an important element of HIPAA compliance (Agris & Spandorfer, 2016).

Privacy Officers are also required to periodically perform security audits of all technology and networks used by employees to ensure that best practices are upheld. In case of a breach of privacy, the privacy officer should contact the Health and Human Services (HHS), who then notifies all the necessary parties of the breach. Finally, the privacy officer should keep up with updates in policy and legislation relating to HIPAA to ensure that security practices and training in their organizations are up-to-date (Shay, 2017).

Conclusion

Generally, the Privacy Rule gives covered entities the authority to disclose protected health information, without authorization, to public health authorities who are legally authorized to receive such reports to prevent or control disease, injury, or disability. For instance, protected health information may be disclosed to people at the risk of spreading or contracting a disease.

References

Agris, J. L., & Spandorfer, J. M. (2016). HIPAA Compliance and Training: A Perfect Storm for Professionalism Education? The Journal of Law, Medicine & Ethics, 44(4), 652-656. Retrieved from https://journals.sagepub.com/doi/abs/10.1177/1073110516684812

Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century. Jama, 320(3), 231-232. Retrieved from https://jamanetwork.com/journals/jama/article-abstract/2682916

Iguchi, M., Uematsu, T., & Fujii, T. (2018). The Anatomy of the HIPAA Privacy Rule: A Risk-Based Approach as a Remedy for Privacy-Preserving Data Sharing. International Workshop on Security, 174-189. Retrieved from https://link.springer.com/chapter/10.1007/978-3-319-97916-8_12

Joshi, K. P., Yesha, Y., & Finin, T. (2016). An ontology for a HIPAA compliant cloud service. 4th International IBM Cloud Academy Conference ICACON 2016. Retrieved from https://ebiquity.umbc.edu/paper/html/id/756

Shay, D. F. (2017). The HIPAA Security Rule: Are You in Compliance? Family Practice Management, 24(2), 5-9. Retrieved from https://www.aafp.org/fpm/2017/0300/p5.html