If someone could please check this over for me and let me know your thouhts / ideas on this paper thanks this is what I haave to do

The HIPAA Privacy Standards that went into effect in April
of 2003 greatly affect both the privacy rights of patients and
the duties of medical personnel.
Then, go hipaa' site and begin
your research at that site for answers to the questions below.
Be sure to carefully read the PDF file “Summary of HIPAA
Privacy Rule.” (Note that covered entity means those who are
subject to the HIPAA rules—like health plans, doctors, hospitals,
clinics, and nursing homes.) You’ll probably need to use
additional research material and Web sites to complete your
project. You must use appropriate citation throughout your
paper, and you must attach a reference page to your project.
1. Does HIPAA affect the patient’s access to his or her
medical records? If so, describe the effect and the
procedure for obtaining access.
2. Under what circumstances can personal health
information be used for purposes unrelated to
health care? (Hint: There should be at least 12
circumstances.)
3. Are there requirements for covered entities to have
written privacy policies? If so, what has to be addressed
in the policy?
4. How will employees in the medical office have to be
trained regarding privacy (for example, who is responsible
for training and record keeping)? What is required if
an employee doesn’t follow the privacy policy? When
must employees be trained? In what manner?

This what I have so far

HIPPA Privacy Standards
With HIPAA, the Congress included provisions that mandated implementation of several federal privacy protections for some individually identifiable health information (CDCP, 2003).
HIPPA's Effect on Patients' Access to Medical Records
HIPPA allows individuals the right to review and obtain a copy of their own protected health information from a covered entity's designated record set, a collection of records preserved by or for a covered entity in order to be utilized wholly or partly, when making decisions about individuals. Exceptions from what individuals can access are psychotherapy notes, information accumulated for legal proceedings, laboratory results prohibited by the Clinical Laboratory Improvement Act (CLIA) to access, or information held by certain research laboratories as well as when a health care professional deemed access to such information damaging to the individual or another (OCR, 2003).
Using and Disclosing of Information without Individual Authorization
Law enforcement officials can have this protected individual information from the covered entities even without the individual's permission if they would use it for law enforcement purposes when it is as required by law and administrative requests. Information could be released as well to funeral directors and medical examiners to aid identification of dead body, determine cause of its death and other functions as authorized by law. In relation to this, the information may also be used to facilitate the donation and transplant of organs, eyes, and tissue. The information could also be used without authorization for research as well as to prevent or lessen a serious and imminent threat to a person or the public. Nor is authorization necessary when it is for certain crucial government functions like the proper execution of military missions, carrying out of intelligence and national security activities, provision of impenetrable protection to the president, determination of medical suitability determinations for the U.S. State Department employees, insurance of the health and safety of inmates or employees in correctional institutions, and establishment of the eligibility for enlisting in certain government benefit programs. Workers' compensation laws and other similar provisions with relation to the giving of benefits for work-related injuries or illnesses may also be a factor to induce the covered entities to indulge the information even without authorization (OCR, 2003).
Covered Entities' Written Policy Procedures
Covered entities are required to do a lot of things. They must implement written PHI privacy procedures, appoint a privacy office, impose on their business associates the necessity to sign agreements with respect to the confidentiality of PHI and how it should be kept that way and rain all of their employees in privacy rule requirements. Moreover, these entities have to give patients written notice of the covered entities' privacy practices, the guidelines on the procedures in accessing their medical records, an option to request amendments to the records, a chance to limit the use or disclosure of their information, the ability to have an accounting of any use to which the PHI has been put and the chance to request alternative methods of communicating information (TWC, 2004).
Workforce associated to HIPPA
Workforce members include employees, volunteers, trainees, and may also include other persons whose conduct is under the direct control of the entity, whether or not they are receiving compensation from the entity. A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule (TWC, 2004).
References
Centers for Disease Control and Prevention (2003). HIPPA Privacy Rule and Public Health. Morbidity and Mortality Weekly Report Vo. 52 pp. 1-12
HPPA Privacy Rule:What Employers Need to Know. Retrieved May 12, 2007 from
Office for Civil Rights (2003). Summary of the HIPPA Privacy Rule. US Department of Health and Human Services pp. 1-19



of course I would put the web address as well on my final paper

2 answers