By 
It is very important that the electronic records of the patients are safeguarded. The HIPAA Compliance Certification is a must as it makes the entity aware of the various administrative, physical, and technical measures that must be taken in order to maintain complete security of the data.
The HIPAA privacy policy tries to cover things like paper documentation as well as a verbal communication of sensitive data. It defines the things that need to be protected by the healthcare provider as far as the patient’s privacy is concerned. However, there are some aspects that are not covered properly or are difficult to understand which leads to confusion. For example, in some cases authorization is not needed when it comes to protected health information. For example, one does not need authorization for using or disclosing protected health information when it comes to treatment, payment, or health care operations. Even for the use of information for the treatment activities of another healthcare provider no authorization is needed. In some cases, disclosures are done for the purpose of assessment of quality, improvement of activities, reviewing the qualifications of health care professionals or for the purpose of detection of fraud or abuse or noncompliance of policies etc. However, the healthcare provider has to give the patient notice of privacy practices. The healthcare provider must get written acknowledgment from the patient that he or she has received the notice of privacy practices.
Some standards have been set for the protection of the HIPAA privacy rule. The protected health information should not be disclosed under any circumstances to unauthorized people. The HIPAA Privacy Policies makes it mandatory for the healthcare provider to evaluate their methods and practices and to take appropriate measures to safeguard the information and to prevent leakage of this information. The rules are at times a bit flexible in order to accommodate different situations.
Marketing is also one more aspect where lots of confusion is there with regards to the HIPAA privacy rule. It takes into account the communication of product or service as marketing. If communication is marketing then before making any communication the healthcare provider will have to obtain authorization from the patient. But there are some exceptions that are made in this rule. For example, communication is not marketing if it is made for the treatment of the patient or if it is made for the management or care of the individual or for alternative treatment or therapies etc.
As you can see that there are some points which can leave one confused. But overall HIPAA security rules cover most of the valid points. It tries its best to make sure all the important details are covered in order to safeguard the patient information. It is also on the healthcare provider to make sure that he trains his employees in a proper way and his company follows all the rules and regulations. He must take preventive measures to ensure that the rules are not violated.
