1. Is the term privacy rule accurate in describing the HIPAA legislation? Why or why not?
2. Is it ethical for covered entities to be excused from getting patient permission to use their private information for routine purposes? Why or why not?
3. Based on the limited information in this article, do you think the HIPAA legislation achieves its objective of securing patient privacy?
4. How could this issue of patient privacy have been handled in a more ethical manner?
On August 21, 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA), a piece of legislation designed to clarify exactly what rights patients have over their own medical information and to specify what procedures are needed to be in place to enforce appropriate sharing of that information within the health care community. This law required Congress to pass legislation within 3 years to govern privacy and confidentiality related to [a patient's] medical record. If that action did not occur, then the Department of Health and Human Services (DHHS) was to identify and publish the appropriate legislation. Because Congress did not pass required legislation, the DHHS developed and publicized a set of rules on medical record privacy and confidentiality that required compliance from most health care providers by April 14, 2003.