Research Paper on:
HIPAA Policy Formation

Unformatted Sample Text from the Research Paper:
the privacy of patient information (Wright, 2008). Specifically, HIPAA regulations apply to protected health information, which is defined as, "any information that can be used to identify an individual that  was created, used or disclosed in the course of providing a healthcare service" (Wright, 2008, p. 10). Authorized uses and disclosures:  HIPAA is based on the primacy of the principle of informed consent (Waldo, Lin and Millett, 2007). Key provisions of HIPAA indicate precisely who has access to medical records and  additional provisions apply to "Notice of privacy practices; Limits in use of personal medical information; Prohibition on marketing; Confidential communication and Complaints" (Evans, 2007, p. 252). HIPAAs privacy regulations is  to "define and limit the circumstances" under which an individuals health information may be used and/or disclosed by providers (HHS, 2010a). This information may be disclosed only as the "Privacy  Rule permits or requires" and if the individual authorizes such a disclosure in writing (HHS, 2010a). Disclosures permitted without authorization: The Privacy  Rule allows a covered health provider to disclose protected health information to a "medical device company representative ...for the covered providers own treatment, payment or health care operation purposes" without  first obtaining that individuals written authorization (HHS, 2010b). This must be a medical device company as defined by the Act, meeting the definition of "health care provider" as defined by  the Privacy Rule (HHS, 2010b). For example, a covered provider may disclose to an orthopedic device manufacturer the information required to produce a prosthesis that fit the needs of a  particular patient. Another instance might be when a covered provider discloses information to a medical device manufacturer that is "subject to FDA jurisdiction" in order to report an adverse event