The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, was passed by the United States Congress in 1996. The HIPAA Privacy Rule, also called the Privacy Standard of Individually Identifiable Health Information, provided the first nationally recognizable standards for the use/disclosure of individual health information. The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, healthcare clearinghouses, and healthcare providers that conduct certain healthcare transactions electronically. (OCR 2003) When discussing the issue, HIPAA affects patients' access to their medical records. HIPAA was established to help set standards for protecting patients' personal health information (PHI), so HIPAA impacts patient access to medical records. The HIPAA Privacy Rule specifically states that: “except in certain circumstances, individuals have the right to review and obtain a copy of their personal health information in the designated record set of a covered entity.” (HHS, 2003, p. 12) Before implementing this privacy rule, medical practices could simply provide information or make copies of patient records without any written documentation. Patients along with family members may be able to access their information easily. Under the HIPAA Privacy Rule, a patient's personal health information is ensured that it is kept confidential and cannot be used or disclosed unless authorized. However, there are certain circumstances that permit uses or disclosures of your personal health information that are not related to your health care. These circumstances are: 1. Required by law; 2...... half of the document ...... has joined the covered entity's workforce, the employee should be trained on the policy and procedures in a reasonable period of time. Training on privacy policies, procedures for following those policies, and the order in which records should be stored and disposed of should be a major focus of office staff training. “HIPAA training should occur every six months to a year, depending on changes in law, regulations or guidelines.” (Ehow.com)Works Citedhttp://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdfOCR Privacy Rule Summary 2003 pg.11pg.14; page 18 for #445 CFR §160.103.6745 CFR § 164.530(b).6845 CFR § 164.530(e)Pub. L.104-191; 42 USC §1320d-6.http://www.datatrace.com/training/hippa_additional_information.htmhttp://www.ehow.com/way_5682833_hipaa-training-employees_.html