Health informatics professionals are required to possess an effective working
knowledge of the Health Insurance Portability and Accountability Act
(HIPAA) Privacy Rule and Security Rule. At some point in your career, you
may be asked to participate in policy development and to apply specifications
included in new HIPAA Law to existing policies. Health informatics
professionals need to be aware of new laws and regulations, how they impact
the healthcare organization, and how best to educate staff on any workplace
This task will provide you with two documents. First, read the attached
�Health Record Policies,� which includes policy draft excerpts. Next, read
the attached �Sections of Montana Code,� which includes definitions from
Montana law pertaining to the validity of consent of minor for health services
(41-1-402), confidentiality of health information (50-16-603), patients�
examination and copying (50-16-541 and 50-16-542), and reasonable fees
A. Evaluate the two policies in the attached “Health Record Policies” by doing
- Discuss what information should be included in an addendum pertaining to
a shadow chart.
- Discuss how information technology staff can help decrease incidents of
B. Discuss one situation from Montana Code 41-1-402 (2a through 2d) that
may result in criminal liability to the organization if not followed.
- Summarize how HIPAA defines criminal liability.
- Explain which part of 2a through 2d of Montana Code 41-1-402 would
directly impact actions of clinical staff.
Running head: LEGAL REQUIREMENTS FOR HEALTHCARE 2
Legal Requirements for Healthcare
Evaluate the two policies in the attached “Health Record Policies” by doing the following:
Discuss what information should be included in an addendum pertaining to a shadow
Generally, an addendum includes amendments or corrections in the primary medical
records. This must bear the client’s signature, the amendment date and the amendments
themselves. This avails the information that was missing at time of original entry.
Discuss how information technology staff can help decrease incidents of security breaches.
Security breaches especially related to data cause negative consequences for healthcare
institutions, their clients and employees. The information technology staff should take preventive
measures to avoid this. Encrypting confidential data is essential. All computers in the
organization must have password protection. Also a backup of all data must be kept to avoid loss
Running head: LEGAL REQUIREMENTS FOR HEALTHCARE 3
of data in case of data loss. Thirdly, controls must be placed on data access and storage to avoid
unauthorized access. Disposal of outdated data and equipment should be done carefully, and
there should be regulation on use of laptops and other portable storage media and devices
(Pendrak & Ericson, 1998).
Discuss one situation from Montana Code 41-1-402 (2a through 2d) that may result in
criminal liability to the organization if not followed.
A situation that may result in criminal liability for a healthcare institution is if for
example an abortion is procured on a minor from a stable family and under the care of her
parents without the parent’s consent.
Summarize how HIPAA defines criminal liability.
HIPAA has put a penalty for any unauthorized access to a patient’s medical records with or
without knowledge of this law. Employees in healthcare institutions can also be charged with
breaching the confidentiality of patients without authority to do so.
Explain which part of 2a through 2d of Montana Code 41-1-402 would directly impact
actions of clinical staff.
Part 2 (d) would impact actions of the clinician. If a minor needs treatment for STDs,
drug and substance abuse, then if the clinician accepts to offer treatment, they are also mandated
to offer counseling the minor or refer them to a counselor.
Running head: LEGAL REQUIREMENTS FOR HEALTHCARE 4
Discuss one situation from Montana Code 50-16-603x (1 through 7) specific to health
record identification that may result in a legal claim against the organization if not
If a healthcare institution uses pictures of their former patients for its advertisement on
the media without written consent from the former clients.
Develop a confidentiality policy statement (suggested length of 1–2 sentences) using either
Montana Code 41-1-402 or Montana Code 50-16-603.
Disclosure of a patient’s presence: This should not be disclosed to unauthorized parties,
even in a manner that would reveal nature of disease without the consent of the patient as it will
be a breach of confidentiality.
Compare three points in the Montana codes to HIPAA laws as they refer to release of
50-16-542. 1(a) Release of information will be denied if the healthcare provider thinks it
will cause negative effects on the recipient. 50-16-542. 1(c) if the information will cause danger
to the recipient’s safety and 50-16-542. 2(a) if the minor has a mental condition. All these show
that information can only be released if it will not cause any adverse effects on the patient.
Develop a release of information policy statement (suggested length of 1–2 sentences) using
either Montana Code 50-16-541 or Montana Code 50-16-542 for a policy book.
Running head: LEGAL REQUIREMENTS FOR HEALTHCARE 5
Releasing information of patient over the phone of fax: This is not encouraged as the
there is no evidence provided to show that the caller or fax destination are eligible recipients of
the patient information.
Pendrak, R. F., & Ericson, R. P. (1998). Information technologies need to protect patient
confidentiality. Healthcare Financial Management, 52(10), 66-8.