All healthcare workers need HIPAA training and all new employees should be instructed as part of job orientation. A notice of privacy practices is given to each new patient. This notice explains how health information is disclosed and the legal rights under HIPAA privacy laws. The patient then fills an acknowledgement form and it is placed the patient’s medical record. In such the medical information is thus considered protected health information and the healthcare provider is a covered entity under the HIPAA Privacy rule. The protected health information must be kept confidential. A violation or breach of confidentiality may result in fines or criminal penalties. But, this doesn’t mean that protected health information can not be disclosed. The law allows disclosure in cases of public health risks or in cases where the patient is a victim of neglect or abuse. Medical data may also be disclosed in cases of national security or to law enforcement. Though in this instances a court order may be required.

A patient has HIPAA rights. But a medical practice must properly treat the patient and also comply with legitimate requests for medical records. It is not so simple as to keep records confidential. All the medical information held must be secure. One way for businesses to keep the information secure and comply with the privacy rules is to use electronic medical records. Even though, the employee needs to be properly trained and must log off their workstation when not in use.