Term Paper on "Privacy Protection Act"

Term Paper 8 pages (2315 words) Sources: 20 Style: MLA

[EXCERPT] . . . .

Privacy Protection Act

The United States Privacy Act of 1974 has had significant influence on the way businesses handle private information. Although it was originally passed in 1974, it has been amended numerous times and has acted as the foundation from which all other privacy related laws and policies have been built. Originally passed to apply to the information gathered by government agencies, today the act also governs the protection of private information gathered by numerous organizations, including government agencies and businesses. Recently, the Act's provisions have been most often applied in such areas as to information gathered on e-commerce business websites and in the healthcare services.

The Privacy Act of 1974 was passed as Public Law number 93-579, 88 Stat. 1987 and has since been codified in 5 United States Code section 552. It arose out of the revelations surrounding privacy abuse within the presidential administration of Richard Nixon. The original act focuses on setting out statutory and specifically mandated conditions to be established prior to private information being disclosed. According to the Act, "No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to any agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains to."

The Act does however create several specified exceptions for the use of personal records without first meeting the conditions of express written request and/or consent. These exceptions include the use of records for statistical purposes per the activities of such agencies as the Census Bureau and the Bureau of Labor Statistics. The Act's conditions also do not apply to any routine use within a United States government agency or for archival purposes "as a record which has sufficient historical or other value to warrant its continued preservation by the Untied States Government." More so, the Act's provisions also do not apply to any law enforcement related purpose or when being used in the course of a congressional investigation. Finally, the conditions do not apply to record use for any other administrative purposes other than as contained in the Act.

In order to ensure the security and privacy of records containing personal information, the Privacy Act mandates that all agencies of the United States government implement both a physical and administrative security system. The purpose of such a security system is to prevent all unauthorized releases of any personal records. Furthermore, the act also requires that each agency maintain a system of all records that can be reviewed and copied upon the request of the individual of whom the records are pertaining to. Further, the agency must permit the individual an assessable route of requesting an amendment of any record that pertains to him or her.

This portion of the act has had far-reaching influences that have stretched beyond its original application to governmental agencies only. For example, in 1988 the Privacy Act was amended to include the Computer Matching and Privacy Protection Act of 1988. This amendment added specific protections to the subjects of any record governed by the Privacy Act's jurisdiction when those records are used in automated matching programs. Specifically, the amendment created protections to ensure procedural uniformity in carrying out such matching programs, due process for subjects in order to protect their rights, and oversight of matching programs through the creation of Data Integrity Boards located within each and every agency engaged in matching activity in order to carefully monitor the agency's matching activities.

Perhaps the Privacy Act's most lasting and broadest influence is its establishment of a standard of privacy expectation that has since been expanded and applied to numerous non-governmental areas. For example, in 1988 congress passed the Children's Online Privacy Protection Act, aimed at ensuring that websites did not operate or seek to solicit information from individuals under the age of thirteen. In 1988 the Video Privacy Protection Act was passed, preventing "wrongful disclosure of video tape rental and sales records." In 2006 congress instituted the Telephone Records and Privacy Protection Act, which prohibits pretexting to buy, sell or obtain personal records except when conducted by a law enforcement or intelligence related agency.

Perhaps the most influential aspect of this trend is seen in 1996's Health Insurance Portability and Accountability Act, whose Privacy Rule essentially takes the conditions of the Privacy Act of 1976 and applies them to all levels of the health care services industry.

The Health Insurance Portability and Accountability Act, or HIPPA, was enacted in 1996 and requires the establishment of national standards for privacy and security of patient medical records. It not only defines numerous offenses but also sets civil and criminal penalties for them. The Privacy Rule focuses on establishing rules and regulations for the use and disclosure of all Protected Health Information, or any information pertaining to the health status, provision of health care or payment for health care that can be linked to an individual patient. According to the legislation, all covered entities must disclose protected information to the individual within thirty days of the request or whenever else required by law (such as when reporting a suspected child abuse case to an agency like the Department of Human Services).

Protected Health Information may be disclosed when needed to facilitate treatment, payment or health care operations or when the authorization of the patient or individual has been obtained. It should be noted, however, that disclosers of Protected Health Information must only be as to the needed information and not all the information contained in the record. Whenever Protected Health Information is used, the individual must be notified and such uses must be recorded and documented as to the following of all required procedures. Further, all required providers must have a Privacy Official to serve as the contact person for all complaints relating to Protected Health Information.

HIPPA's Security Rule compliments the Privacy Rule. According to the Security Rule, three types of security safeguards are required for all compliances. These safeguards include administrative, physical and technical. Administrative safeguards include the adoption of written policies and procedures, training programs and use of internal audits to ensure compliance. Physical safeguards focus on controlling physical access to records and protect against inappropriate access to protected information. For example, access to records must be limited, all technology must have specific safeguards and all workstations must be away from traditionally high traffic areas. Technical safeguards focus on controlling access to computer systems by implementing data transfer procedures and steps.

Using these rules as a guide, the first step is to establish an individual who will be in charge of all HIPPA related compliance issues and field all complaints. This individual's first step will be to establish standardized procedures for releasing confidential information. This is best handled by using a standard patient authorization and release form. No document requests, even from the patient, should be allowed to see any documents pertaining to a patient until a validly signed release is obtained.

Access to patient files must also be limited. All computer systems that contain such information should be in limited-access areas and require special password information to obtain. This will help ensure that only qualified and trained individuals have access to the records and non-qualified people will not have access, either direct or indirect, to the information.

Finally, in order to ensure cyber-based security threats, all servers that relate to patient medical evidence must be regularly updated with the latest anti-virus protection software. Further, all servers should be closed and, most importantly, backed up.

In order to de-identify medical record information for such things as using records for medical-based research, one must remove any information that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Such identifying information that must be removed includes, but is not limited to: names, telephone numbers, fax numbers, email addresses, social security numbers, Internet protocol address numbers, finger and voice prints, and full face photographic images or other comparable images.

Clearly, HIPPA has had a significant impact on the healthcare industry. For example, health care workers are limited in what they can and cannot ask patients. Even patients that they know cannot be asked about their conditions. HIPPA's enactment has also caused numerous changes in the methods doctors and other treatment providers operate.

Another effect is the limitation it places on the ability for doctors to conduct medical research, especially the ability to perform retrospective, chart-based research. Further, it limits their ability to prospectively evaluate patients through follow-up contacts.

Likewise, similar measures have been taken to apply the permeates of the Privacy Act to the business world. Under these rules and regulations, any business that collects information from a customer that is private in nature must fully disclose to the customer how that information may or may not be used. Because of issues with the commerce, the rules stop short of… READ MORE

How to Reference "Privacy Protection Act" Term Paper in a Bibliography

Related Term Papers:

What Privacy Do We Have in the Workplace Case Study

Privacy do we have in the Workplace

Why do we have Privacy in the Workplace?

In this paper, we are going to be looking at how much privacy employees are… read more

Case Study 5 pages (1593 words) Sources: 0 Topic: Career / Labor / Human Resources

---

Privacy Issues Raised by Social Networking Essay

Social Networking Privacy

Online privacy has been a prominent topic around the modern world since the Internet came to prominence. However, with the advent of social sites and networks like… read more

Essay 10 pages (3284 words) Sources: 18 Topic: Computers / IT / Internet

---

Consumer's Privacy Bill of Rights Term Paper

Consumer's Privacy Bill Of Rights

Consumer Privacy Bill of Rights

Over the last several years, the Internet has become the one place where consumers can learn about new ideas. While… read more

Term Paper 5 pages (1482 words) Sources: 7 Topic: Advertising / Marketing / Sales

---

Patient Privacy and Security of Information Research Paper

Patient Privacy and Security Information

Over the last several decades, the way health care information is stored and retrieved has become an issue of heated debate. Part of the reason… read more

Research Paper 5 pages (1794 words) Sources: 5 Topic: Healthcare / Health / Obamacare

---

Analysis of the Electronic Privacy Control Act Term Paper

Government violations may lead to disciplinary action against the officials involved.

Title III is the Pen-Register and Trap and Trace Devices prohibitions. Sources of incoming calls are identified by trap… read more

Term Paper 4 pages (1289 words) Sources: 4 Topic: Sports / Exercise / Fitness

---

View 100+ more related papers  >>