The federal government of the United States of America has privacy laws dealing with numerous separate legal concepts, including a tort based on common law, which allows an aggrieved party to have a lawsuit against an individual who unlawfully invades into ones privacy. According to the Privacy Act 1974, there are numerous regulations concerning the protection of privacy, as protected in the federal government of the United States of America. This is in an effort to foster safety among the US citizens. The privacy act establishes procedural safeguards involving the use of certain types of records kept by agencies. There are other different acts that define privacy within the U.S. constitution, such as the Modernization of Financial Service Act of 1999 (Gram-Leach-Bliley Act). This deals with the financial-privacy rule, the pretexting protection, and safeguards rule. Another privacy-protection act is the HIPAA (Health Insurance Portability and Accountability Act) of 1996 (Brian 97). This paper thereby conducts an in-depth analysis of the U.S. privacy regulation at federal and/or state administrative levels.
To start with, disclosure section (b) of the Privacy Act 1974 proscribes the disclosure of only records obtained from a system of archived records. It categorically states that all agencies are prohibited from revealing any information or record contained in a system of records regardless of the means of communication to any individual, or to another agency (Allan 88). The privacy act, however, gives provision and conditions under which the records may be issued to another party. Regarding the disclosure, the agency is required to keep accurate accounting of the name and address of the pursuant, the date, purpose, and nature of the disclosure. According to the GLBA, the financial privacy rule requires that the financial institutions such as banks, debt collectors, loan brokers, tax return preparers and non-bank mortgage lenders must notify each consumer not later than the beginning of the consumer, relationship and annually thereafter (Allan 84). The notice should be clear and conspicuous. The privacy notice ought to explain details collected about the consumer, how the details are used, how the details are protected and where the details are shared. The notification must also inform the client of the right to a way out of what is being shared. As well, the consumer ought to be notified in case of any changes in the policy for acceptance.
The safeguards rule requires the financial institutions to build an information security plan in written form which offers a description of how the institution is ready for the protection of the client's personal details and the plan to continue protecting the same. In the safeguards rule, the agency is also required to denote at least an employee in management of the safeguards; i.e. to develop, monitor and regularly assess a program to ensure security of information; and also to build absolute risk analyses on each department involved in non-public information. The Pretexting protection part of the GLBA comes into play when one tries to gain access of the non-public information without authorization to do such by maybe impersonating the client, or by phone, mail and email. Pretexting is punishable as a common law crime of false pretenses in the United States. Other restrictions of the GLBA provide that a financial institution is disallowed to reveal account numbers or such forms of access numbers, or credit card codes or deposit account numbers, or transaction accounts of a clients to non-affiliated parties for any purposes (Lee 77).
Despite protecting health information, the Privacy Rule provides that information be disclosed to the individual or personal representatives of the subject when they specifically request access to the protected information; or to the US Health and Human Services department when investigating enforcement action by the healthcare providers. The act also allows covered entities to use the protected information for purposes of treatment or payment, giving opportunity to the individual to object or agree to treatment by asking the subject outright when circumstances require so and for public interest and benefit courses such as preventing or disease control.
Victims of domestic violence, abuse and neglect may provide protected health details to respective government authorities to describe the nature of violence, abuse or neglect inflicted. Through a court order, the protected health information may be disclosed in administrative or judicial proceedings. The privacy rule also provides for shared protected health information for law enforcement purposes under specific circumstances; a requirement by law in form of court order, subpoena, warrant and administrative requests to act upon the request from a law enforcement officer to access the details regarding a victim or a suspected crime victim. This also aims at confirming the identity or finding the location of a fugitive, suspect, material witness, or a person gone missing; covering health care entity in a medical emergency occurrence off its premises, when it necessitates that a law enforcement arm be informed about a form of a crime and its commission; and finally, essential when a covered health care provider is in belief that the protected health details are proof of a crime that was committed within the premises. In the same way, a covered healthcare entity may provide details of protected health information to funeral directors as may be necessary, or in determining the cause of death by coroners and medical examiners. During cadaveric organ, tissue or eye donation, a covered entity may be required, in line with the privacy rule, to share the protected health information.
The privacy rule in the course of research offers provision, where the covered entity is not prohibited from using the protected health information to facilitate research without the subjects consent provided there is documentation of approval by a Privacy Board or an Institutional Review Board. The researcher should also provide presentations indicating that the health information under protection is going to be employed purely for the preparation of research protocol. When there is a serious threat arising to matters public health or public safety, a persons safety or health, the covered entities may provide health information that is protected and proves to be necessary in preventing or lessening the upcoming threat.
Another basic concept of the privacy rule is that it limits using and disclosing to the minimum necessary par. This implies that the covered entities to disclose, request and use the minimum amount possible of the protected health information needed to serve the intended course. The covered entities must construct policies and procedures that constrict usage and disclosure to their minimum necessary limit (Allan 29). However request for disclosure by a healthcare provider for treatment purposes is not bound by the minimum necessary, neither does the disclosure or use made pursuant to an authorization. The minimum necessary requirement does not apply, also, in disclosure to a subject or the individuals personal representative. In the disclosure to the Human and Health Services Department for pursuing a complaint, compliance review or enforcement, the minimum limit does not come to play. In the same way, gauging for submission to the Health Insurance Portability and Accessibility Act Transactions Rule overrides the Privacy Rule. In most circumstances, the subject to the protected health information has the explicit right to obtain and review copy of their covered health information within a covered entitys custody.
Allan, Juels. International Conference on Financial Cryptography. International Health Concerns, (2003), pp. 78-89.
Brian, Atchison. The Politics of the Health Portability and Accountability Act, Health Affairs, 16 (3) (1997), pp. 146-150.
Lee, Gostin. Annals of Internal Medicine. (1997), Am Coll Physicians, 23-30.
If you are the original author of this essay and no longer wish to have it published on the SuperbGrade website, please click below to request its removal: