Policy, Politics, and Global Health


Policy,Politics, and Global Health



Introduction 3

Part A: Medical Records Policy 3

A1 Health Insurance Portability and Accountability Act (HIPAA) 4

A2 Relevance of Medical Records Policy (HIPAA) in Nursing 6

A3 Financial Impact of Medical Health Records Policy 7

A4 Ethical Principles 8

Part B: Policy Brief Development for Medical Health Records Policy 9

B1 Medical Health Recods Policy and Requirements for Decision Makers’ Attention 9

B2 Main Challenges of Addressing Medical Health Records Policy 10

B3 Primary Interventions for Decision Makers in Implementing Affordable Care Act 10

B4 Course of Action for Implementing the Medical Health Records Policy by Decision Makers 11

B5 Evaluation of the Success of the HIPAA Oriented Policy 12

Part C: Plan for Addressing the ACA Integration in Sunrise Hospital 11

C1 Stakeholder Interests in the ACA Act Implementation 14

C2a Community Based Participatory Research 14

C2b Medical health Records Policy Implementation 15

C2c Actions and steps in Achieving Alignment 15

C2d Roles &amp Responsibilities in Problem Solving 16

C2e Collaborative Evaluation Plan 16

C2f Success of Community Plan 16

Part D: Strengths and Challenges in Top-Down &amp Bottom-Up Approaches in HIPAA Act………….17

D1 Strengths of the Two Approaches 17

D2 Challenges of the Two Approaches 17

D3 Recommended Approach for HIPAA Act 17

Bibliography 18

Highpopulation, increased prevalence of chronic diseases and risingnumber of old population has led to increased demand for healthcareservices. These aspects have led to demand for healthcare reforms inorder to serve all citizens efficiently and effectively. Since 2010,the American healthcare has witnessed significant healthcare reformsaimed at making healthcare services more accessible and affordable toall. These reforms were instigated by various challenges such asshortage of physicians, increased aging population, overloading ofmedical resources, poverty and prevalence of chronic disease. Throughthe enactment of the Obamacare Act 2010, healthcare services expandedcreating increased need for medical services. In particular, theObama Care Act introduced more affordable healthcare reforms in thehealthcare sector. However, access and affordability of thesehealthcare services still remains a great challenge due to inadequateinfrastructure. The Obama care Act 2010, was preceded with increasedneed to adopt Electronic Health Records (EHR) in order to increaseefficiency and effective management in the provision of healthcareservices. Although, Electronic health Records have been a success inmost government and private healthcare institutions, informationsecurity remains a great challenge.

Thispaper seeks to reflect on the adoption of Health InformationTechnology (HIT) policy in relation to health records security forpatients. The paper will further explains how the implementation ofthe EHR affects the nursing practice, healthcare delivery and thehealth outcomes of individuals, families and the communities. In thepolicy advocacy paper, more evaluation and analysis of ethicalaspects in the implementation of Medical Health Records will bepresented. The policy advocacy paper on Medical Records will evaluatethe top-down and bottom-up approach with regard to how policy makersand other stakeholders participate in the implementation of thispolicy. Lastly, this paper will formulate recommendations andconclusions based on community-based participatory research.

PartA: Medical Health Records Policy (HIPAA)

Theadoption of information technology has been an important aspect inpromoting unprecedentedgrowth and expansionin the healthcare sector. Information technology is what is requiredto make healthcare services essay to manage and accessible to thediverse American population. Medical health records facilitates insharing vast health records across wide areas of facilities,personnel, processes and locations. Electronic medical records makeit easy to access patients’ bio, medical history, billings andmedical schedules. The introduction of electronic health recordsimproved efficiency of medical health services operations and theoverall healthcare practice. However, some are still skeptical of theelectronic health records as strategic healthcare reforms aimed atincreasing health care services operations.

Electronichealth records enhance efficient healthcare coordination, collectingepidemiological data and optimal healthcare services delivery. Inone study, conducted by RAND, it was estimated that the adoption ofEHR lead to saving of approximately $80 B per year. While, electronichealth records are important aspects in the healthcare expansion,serious issues remain contentious with regards to patients’ dataprivacy. A study conducted byMcDonald,Callaghan, Weismann, Goodwin, Mundkur and Kuhn (2014) indicates thatsignificance number of American population believes that EHR are noteffective, are costly to implement and raises serious doubts on theprivacy of patients’ data. However, the main bone of contestationthat has been raised concerns the credibility of the EHR insafeguarding patients’ health records. Significant number of theAmerican population still doubt the implementation of the electronichealth records despites its efficiency.

Evidenceindicates that most patients are hesitant to share health informationfearing economic threat, social stigma and stress (Health PrivacyProject 2007). Today, despite the formulation of various policy actssafeguarding patients’ data information security and privacy is anarea of growing concern. Since 1973, various policy acts have beenimplemented to safeguard patients’ data. The first policyregulating health information was enacted in 1996 named the HIPAA.The HIPAA act prohibited any disclosure of patients’ health recordsto third parties (Grene, 2011). Later HITECH policy was developed asmeans of notifying patients’ when health data breaches occurs.However, the two policies (HIPPA and HITECH) were insufficient insafeguarding patient’s health records(Atchinson, 1997).

In2008 the US Congress made another attempt to formulate newlegislations aimed at enhancing more privacy and protection ofpatient’s data. Protecting and safeguarding the privacy ofpatient’s health records is a constitutional right that the currentMedical Health policy seeks to achieve. The health Insurance andAccountability Act of 1996, provides sets of rules that safeguardsagainst misuse or an authorized access by third parties. The HIPAAsecurity rule sets national standards for electronic healthinformation on all patients. The HIPAA Act has breach notificationrule that requires covered parties to provide information in the eventhere is breach of unsecured data. Lastly the HIPAA hasconfidentiality provisions which protect information used in order toanalyze and improve patients’ safety(Atchison, 1997).

A1Medical Health Records and Safety (HIPAA)

Electronichealth records and the capacity to protect patient data is a subjectof ongoing debate in the American Health sector. There are variouscontroversies surrounding electronic health records, the safety ofpatients and privacy. The implementation of HER raises serious legal,political and ethical debates on its capacity to safeguard patients’data. Despite various government legislations concerning theprotection of patients’ health data, medical health records safetypolicy (HIPAA) remains a doubted policy. Previously, there have beenseveral attempts by the Federal and local governments to reformulatethe electronic health records safety policy (Atchinson,1997).However, past legislations indicate that no satisfactory reprieve hasbeen found. Nonetheless, there is a great improvement in themanagement of patients’ health records. More evaluation andanalysis is required on improving the safety, confidentiality andprivacy patients’ data through HIPAA (Terry,2009).

A1cFinancialImpact of Medical Health Records Policy (HIPPA)

Afteryears of twist and turns, HIPAA privacy rule is effective. HIPAAcontains detailed comprehensive requirements for privacy and datasecurity. The challenge of protecting the confidentiality ofpatients’ data is still prevalent as it was in 1996. Despitevarious reformulation and additional rules, countless people stillhave access to patients’ health data. Doctors, nurses, clericalworkers, third party persons and medical supply companies still haveaccess to patients’ data. However, with the release of finalHITECH-HIPAA Act in 2013 the cost of implementing and maintainingpatients’ health data privacy will be high.

Thereare various cases of data breach involving patients’ record and thenew policy requires serious compliance or costly sanctions fornon-compliance. The new privacy rule will indeed be a force to reckonas all individuals in health sector are required to maintain highlevels of confidentiality. The new Act requires regular audits on theusage, access and transfer of patients’ data. These regularitiesrequire using high encrypted technological devices that safeguardagainst an authorized access to patients data.

Businessassociates and companies providing medical insurance will be audited.All parties involved in health care will be required to conduct riskassessments, update privacy and security procedures, plan and trainworkforce. Under the new HIPAA rules, transfer of patients’ datawill only be allowed under encrypted devices. All these aspectsincrease costs that will be incurred when accessing, creating andtransferring patients’ data. Protecting the privacy of patients’data under the new HIPAA is a continuous process that means morecosts. The new regulations implemented by HIPAA are essential insealing the loopholes created by electronic health records on thesafety of patients’ health records. It is no doubt that theimplementation of the new HIPAA will significantly increase the costsfor implementing electronic health records.

A2Relevance of new HIPAA and Electronic Health Records to Nursing

Onesignificant aspect of electronic health records implementation wasincreased efficiency and reduction in time wasted retrievingpatients’ health records. Electrnic helath records make it easy tofile, record, access, transfer and retrieve patients’ data.However, due to increased theft, transmission, alteration andunauthorized access of patients’ data, the new HIPAA rules willsignificantly impact on nursing. In addition, the implementation ofelectronic health records means that more patients will be served(Wilson,2006).Electronic health records make it easy to file, record, retrieve andaccess patients’ data. As such, under the new HIPAA rules, nurseshave a hard task in ensuring that the privacy of patients’ data iswell preserved. The new HIPAA rules requires extensive ITinfrastructure that safeguards patients’ data. In addition, the newHIPAA rules require that all individuals involved in the handling ofpatients’ data undergo more training. To this end, nurses will berequired to acquire new skills on patient data handling in order tominimize un authorized access, transfer and alteration.

A2aPersonal Values

Theimplementation of electronic health records and the new HIPAA rulesrequires one to make personal adjustment on a number of areas. Inparticular, as a nurse, it is important to uphold high levels ofintegrity, accountability and due diligence. Patients’ trusts thatnurses are important healthcare staffs that are entrusted withpersonal information. To this end, I will uphold high levels ofprofessionalism and desist from sharing patients’ data with othernurses unless under authorized circumstances. In addition, theadoption of new HIPAA rules requires that I adapt to new methods andapproaches of nursing practice. In professional ethics, I plan toadopt the new rules, be sensitive and exercise due obligation in myduty. Lastly, nursing is a selfless profession and one shouldexercise apathy, caution and sincerity when dealing with patients’health data.


Theimplementation of the electronic health records were aimed atensuring that more patients were served efficiently and effectively.Underlying the necessity of electronic health records was expandingthe health cater system to serve more vulnerable people. In this way,Electronic health records are based on the principle of socialjustice equal health care access. Similarly, the new HIPAA rulesguarding against misuse of patients’ data promotes social justice.HIPAA rules strive to enforce strong ethics in the healthcareprofession. In particular, HIPAA rules promotes accountability,integrity, trust and honestly when handling patients’ data. On theother hand, patients feel secured, protected and valued. Theimplementation of HIPAA rules also set standard of health carepractice thereby improving work relations and professionalism inservice provision.

PartB: Policy Brief Development for HIPAA rules

Thispolicy briefs covers the implications of HIPAA Acts on medicalfacilities, patients, healthcare staffs, business associates and theoverall health sector in Nevada. This policy brief is presented tothe Mountain View Hospital CEO Mr. William Wagnon in Nevada. MountainView Hospital is a subsidiary hospital operated by Sunrise HealthcareSystem (Hospital Corporation of America). The policy brief isapplicable to all hospitals in Nevada in the implementation of HIPAAAct.

B1HIPAA Act and Requirements for Decision Makers’ Attention

Theimplementation of the EHRs was aimed at transforming the healthcareservices through efficient service provision. HIPAA Act requiresoptimal protection of patients’ data through health careinformation protection, patient safety rules, confidentialityprovisions and protecting identifiable information from unauthorizeduse(Wilson, 2006).To this end, the CEO at Mountain View Hospital requires to learnabout HIPAA rules in safeguarding patients’ data. HIPAA requiresthat all health facilities, healthcare staffs and third party abideto the set rules on patients’ information data. To this end, theCEO and other management staffs at Mountain View Hospital need tofind ways of implementing HIPAA requirements. The implementation ofHIPAA rules is only possible through shared decision making among allstakeholders in the healthcare facility.

Doctors,nurses, patients and health insurance firms should to participate indecision making on how to implement HIPAA rules for optimal patients’data protection. It through this shared decision making process thatall parties will achieve the objectives of HIPAA (InformedMedical Decisions Foundation, 2013).Besides the shared decision making by all units in the healthcarefacility, progressive decisions will be made by directors anddepartmental managers in order to ensure that HIPAA rules are wellimplemented. However, the Mountain View Hospital CEO Mr. William willprovide guidance and direction on how to implement the HIPAA Actsuccessfully as required by the law.

B2Main Challenges of implementing HIPAA

Theimplementation of HIPAA directives is bound to meet significantchallenged at Mountain View Hospital in Nevada. In particular, HIPAAcompliance rules requires great institutional IT changes in order toprovide privacy and protection of patients’ records are required bylaw. The impact of HIPAA will be felt across all aspects of IToperations in the hospital facility. Operations such as messaging,storage, networking and virtualization will need restructuring inorder to enhance the safety of patients’ records. The new HIPAAguidelines require that health facilities conduct regular audittrials on patients’ health records as compliance.

Newadvanced software such as the event log management software (ELMS)will be required. In addition, there is need for more IT training onhealthcare staffs in accordance to HIPAA rules. These regulationsrequire extra costs and this might be creating a challenge inimplementing the HIPAA guidelines. Another challenge that mightaffect the implementation of HIPAA at Mountain hospital is regulatingwireless devices that are used in transmitting data. Evidenceindicates that compliance to HIPAA is still a tricky issue for manyhealthcare facilities. However, great plans are needed to implementHIPAA rules to avoid penalties and fines.

B3Primary Interventions for Decision Makers in Implementing HIPAA

Inthe implementation of the HIPAA guidelines for effective managementof electronic health records, there are key sensitive aspects thatshould be focused on. In particular, decision makers at Mountain ViewHospital needs to institute measures that guarantee the safety ofpatients records. The primary intervention measure involves settingup an IT infrastructure capable of transmitting and storing patients’health information as required by HIPAA (Wafa,2010).A well designed IT infrastructure will lay down an importantframework for effective management of EHR. To this end, it is alsoimportant that the hospital learns how to build good complianceprogram for HIPAA. This means setting up regular compliance audits.

Thegoal for primary intervention is setting standardized mechanism forsecurity and confidentiality of all healthcare data. It is importantthat decision maker’s device control measure that helpsorganizations’ workforce complies with HIPAA to reduce chances ofdata loss. Lastly, it is important that decision makers setcompliance audit for business associates related to the healthcarefacility. Overall, intervention measures for HIPAA need to beintegrated in the health facility daily management activities.Importantly, training for all health staffs and associates will beuseful in meeting the requirements of HIPAA.

B4Course of Action for the Implementation of HIPAA by Decision Makers

Inorder to ensure that the HIPAA guidelines are well implemented in theelectronic health records at Mountain View Hospital, there is need toconduct systemic evaluation on existing EHR processes. It isimportant that evaluation is conducted on all IT infrastructures inorder to establish weak areas where HIPAA rules will be applied most.It is through this evaluation that a comprehensive plan will be drawnin order to streamline activities at the hospital in line withprotecting patients’ records(Wafa, 2010).As such, in order to implement the HIPAA Act effectively in Nevadahealth facilities, the following recommendation are important

  1. All health facilities require critical evaluation in order to assess how HIPAA Act requirements will be implemented.

  2. Evaluation of business associates, Nevada health insurance and other third parties who use patients’ health information.

  3. Assessing health workers competency in relation to their ability to use patients’ data confidentially.

  4. Modification of the IT infrastructure in all health facilities to allow for the implementation of HIPAA guidelines.

  5. Developing training programs for HIPAA and compliance audit trail programs.

Theimplementation of HIPAA directives requires all healthcare facilitiesconduct critical evaluation on the IT infrastructure to establishtheir capacity in delivering the requirement of HIPAA. To this end,it is important to have external auditors who will evaluate the HERsystems to assess measures needed to make the systems HIPAAcompliant. Secondly, it is important that evaluation be conducted onall third parties who rely on patient’s data. This is necessary inorder to establish rules of engagement as stipulated by HIPAA inprotecting patients’ data during transmission and sharing (WolfM, 2006).

Accordingto recent statistics it has been found that most data theft cases areassociated with third parties (Atchinson,1997). It is important that health workers ability to work with electronichealth records be assessed. Nurses and doctors require more trainingon how to utilize the information technology in safeguardingpatients’ data. Modification of the existing IT infrastructure isnecessary in order to align it with compliance level required byHIPAA. Lastly, decision makers need to establish mechanism throughwhich regular audits will be conducted on EHR.

B5Evaluation of the Success of the New HIPAA Oriented Policy


Evaluationof the new HIPAA guidelines will be evaluated through the top-downapproach. Top-down management approach is necessary because HIPAArules require health facility managers to offer guidelines on theimplementation of patients’ health record protection. Mangers anddepartmental heads have adverse experience and thus it is importantto have a top-down implementation approach. In order to effectivelyimplement HIPAA guidelines, top management in health facilitiesshould give recommendations and directions to subordinates. Anexternal audit body is important in order to assess if thesubordinates implement HIPAA requirements as recommended by thetop-management (ManagementSciences for Health. 2004b).

Subordinatesshould seek opinion from the top management before any patient datais shared. The top-down management approach is effective inimplementing the HIPAA guidelines since most subordinates areinexperienced. In this case, the top-down policy change will start atlocal level government at Nevada and flow to local health careregulation boards (ManagementSciences for Health. 2004a).The health care regulation boards will in turn work with health caremanagers in implementing the new HIPAA Act.


Althoughthe top-down approach is effective in implementing the HIPAA Act withless time wastage, the bottom-up approach is also effective inimplementing and evaluating HIPAA Acts. In the bottom-up approach,subordinates give recommendations on how HIPAA could be implementedeffectively to safeguard patients’ records (Altmanand Petkus, 1994).Doctors, nurses, clerical officers and patients would be affected bythe new HIPAA rules. As such, it is important to collaborate withsubordinates when implementing the new policy. It is important thatpatients, nurses and doctors have some ‘voice’ before the newHIPAA rules are implemented. Collaboration allows for efficientadoption and implementation of the new directives. In this case thetop-management decision makers should work with nurse, doctors andpatient leaders(Pope and Hexum, 2013).

PartC: Plan for Addressing the HIPAA Integration in Mountain ViewHospital

Thissections focus on how various stakeholders in Nevada can integratethe various requirements of HIPAA. Stakeholders involved in theimplementation of HIPAA rules involve health insurance companies,employers, patients, nurses, doctors and the health facilities. Tothis end, the implementation of HIPAA will be done in accordance tothe interests of all stakeholders involved (Castro,Barrera &amp Holleran-Steiker, 2010).The tenets of HIPAA requirements can only be effectively appliedthrough a community based approach.

C1Stakeholder Interests in the HIPAA Act Implementation

Theimplementation of HIPAA rules affects diverse set of stakeholders inthe community. In particular, health institutions carry the greatestresponsibility in ensuring that all processes within the facilitysafeguards patients’ data. Health institution managers shouldinstitute training programs and re-structure IT systems in accordanceto HIPAA rules. Health insurance companies are important stakeholderswhose interest will be considered during HIPAA rules implementation.Employers are also affected by HIPAA rules especially on patientshealth records(Wolf M, 2006).Nurses and doctors are the main users of patients’ health data. Assuch, it is important to collaborate with physicians and nurses inensuring that patients’ data is well protected.

C2aCommunity Based Participatory Research

Theimplementation of HIPAA Act is a community based participatoryexercise. All stakeholders will be engaged in implementing HIPAAdirectives through the element of collaborative partnership, unity,cyclic and iterative processes(Altman and Petkus, 1994).

C2bCommunity Based Participatory Research &amp HIPAA Implementation

Allstakeholders are considered as single unit in the implementation ofHIPAA rules. In this case, collaboration is vital in ensuring thatpatients’ health records are well protected. It is when allstakeholders work in a community based participatory approach thateffective implementation of HIPAA Act will be achieved. This will bedone through continuous iterative process to build strengths andreduce loopholes where non-compliance to HIPAA Act may occur.

C2cActions to apply in Achieving Alignment

Groupdiscussions and engagements will form an important framework ofachieving efficient implementation of HIPAA Acts. This will beachieved through continuous discussions with important members in theindustry, departments and subordinate staffs.

C2dRoles &amp Responsibilities in Problem Solving

Problemsarising from the implementation of HIPAA Act will be solved throughthe local Nevada authority that regulates healthcare facilities.Issues arising from information theft, misuse or misunderstanding onHIPAA implementation should be solved by health facility managers.The top-management in every health institution has authority toprovide directions arising matters(Management Sciences for Health. 2004a).However, a collaborative approach must be used in which allstakeholders are involved in problem solving.

C2eCollaborative Evaluation Plan

HIPAAAct requires that regular compliance audits be conducted to assesscompliance to the required guidelines on patient data protection. Assuch, it is important to have a collaborative evaluation plan inwhich all stakeholders agree on a specific approach of auditing theuse of patients’ data. Standards and metrics will be agreed on andaccepted by all stakeholders. The success of the community plan willdepend on how standards are applied. Each stakeholder has a role toplay in the implementation and evaluation of HIPAA. These procedureswill ensure successful implementation of the community plan policy(Altmanand Petkus, 1994).

PartD: Strengths and Challenges in Top-Down &amp Bottom-Up Approaches inHIPAA

Theimplementation of HIPAA has various implications on variousstakeholders. The rules stipulated by HIPAA poses great challenged intheir implementation. The top-down approach is important in guidingthe subordinates on how to implement HIPAA Acts. However, theimplementation of HIPAA Act requires a bottom-up approach since theinterests of other stakeholders’ matters(Castro, Barrera &amp Holleran-Steiker, 2010).To this end, the top-down and bottom-up approach has strengths aswell as weaknesses.

D1Strengths of the Two Approaches

Thetop-down approach is useful especially when control and direction isrequired by subordinates. HIPAA Act has strict rules on patients’health records. In this case, a top-down approach is importantbecause managers will set clear goals and objectives(Matland, 1995).When policies such as HIPAA fail, it is the top-management that isheld accountable and thus a top-down approach ensures efficientimplementation. The bottom-up approach is useful because theinterests and inputs of subordinates are incorporated in theimplementation plan.

D2Challenges of the Two Approaches

Thetop-down approach is expensive more funds will be required to hireexternal auditors to assess the effectiveness of the implementedpolicy. In addition, the top-down approach is bureaucratic and it maytake time before actual directives are implemented(Altman and Petkus, 1994).In some cases, top-down approach policy change is not wellimplemented because the subordinates may have insufficient knowledge.On the other hand, the bottom-up approach is time consuming andexpensive. Great deal of time is used in consultations and consensusbuilding leading to delay in policy implementation(Gagnon, Turgeon and Dallaire, 2007).

D3Recommended Approach for HIPAA Implementation

Theimplementation of HIPAA Act requires adequate collaboration andpartnership among different stakeholders. However, adequateimplementation of HIPAA is achieved when implementation directionsare provided by the regulating authority or top-management. On theother hand, the interests of all stakeholders are important and thismeans inputs from interest group are vital. To this end, the best wayto implement HIPAA Act is through a mixed approach. A blend betweenthe bottom-up and top-down approach is important in this case. Forinternal implementation of HIPAA Act within a health facility atop-down approach is useful. However, a bottom-up approach isrequired when making decision on how HIPAA Acts are implemented.


Altman,J.A., and E. Petkus, Jr. (1994). “Toward a Stakeholder-based PolicyProcess: An Application of the Social Marketing Perspective toEnvironmental Policy Development.” PoliticalSciences 27:37–51.

Atchinson,Brian K. Fox, Daniel M. (May–June 1997). &quotThePolitics of the Health Insurance Portability and Accountability Act&quot(PDF). HealthAffairs16(3): 146–150.

Castro,F. G., Barrera, M., &amp Holleran-Steiker, L. (2010). Issues andchallenges in the design of culturally-adapted evidence-basedinterventions. AnnualReview of Clinical Psychology,213–239.

Gagnon,Francois, Jean Turgeon, and Clémence Dallaire, (2007). “HealthyPublic Policy: A Conceptual Cognitive Framework.” HealthPolicy 81:42–55.

ManagementSciences for Health. (2004a). “Leading the Change Process.” TheManager 13(3): 9–15.

ManagementSciences for Health. (2004b). “Preparing Your Team for Change.”TheManager 13(3): 16–18.

Matland,Richard. (1995). “Synthesizing the Implementation Literature: TheAmbiguity-Conflict Model of Policy Implementation.” Journalof Public Administration Research and Theory 5(2):145–174.

Pope,T. M., &amp Hexum, M. (2013). Legal briefing: Shared decision makingand patient decision aids. Journalof Clinical Ethics 24(1),70-80.

Terry,Ken. (2009). &quotPatientPrivacy – The New Threats.&quotPhysiciansPractice journal, volume19, number 3.

Wafa,Tim. (2010). &quotHow the Lack of Prescriptive Technical Granularityin HIPAA Has Compromised Patient Privacy&quot. Northern IllinoisUniversity Law Review, Volume 30, Number 3.

WilsonJ (2006). &quotHealth Insurance Portability and Accountability ActPrivacy rule causes ongoing concerns among clinicians andresearchers&quot. AnnIntern Med145(4): 313–6.

WolfM, Bennett C (2006). &quotLocal perspective of the impact of theHIPAA privacy rule on research.&quot Cancer106(2): 474–9.