CONFIDENTIALITY & HIPAA

Compliance Training for Healthcare Employees

Melissa MorrisMHA 690 Health care Capstone

Dr. Sherry Grover

Confidentiality Practiceso Understanding HIPAA

o Its purposeo Penalties & Sanctionso What is HIPAA all about?

o Review of Handbook

o Acknowledgement & Certification

ObjectivesUnderstand HIPAA

Understand Aloha Health’s Policies and Procedures on Confidentiality

Recognize that confidentiality integrity is an on-going process

Know your resources

What is HIPAA?Health InformationPortabillity andAccountability Act

HIPAA governs the privacy rights of patients and the

confidentiality of medical records

Federal Law

The Purpose of HIPAAProtect individuals from the adverse effects of

improper disclosure of protected health information.

Protect against unauthorized and inappropriate use of protected health information.

Establish a standard set of provisions, that if followed, provide evidence that the health care institution properly handled and disclosed private medical information.

Penalties and SanctionsGeneral Business Practice Violation

$100,000 for violations that have occurred with such frequency as to constitute a general business practice.

PLUS Civil action may be brought against any person or entity who violates the law.

Civil Penalties ANY VIOLATION

$100 for each and every act or violationnot to exceed $25,000 per person forsingle standard per calendar year

“KNOWING” VIOLATION

$50,000 - $250,000 fines dependent upon if misuse is under ‘false pretenses’or with intent to sell for personal gain ormalicious harm

Criminal SanctionsUp to 1 year

-Wrongful disclosureUp to 5 years

-Wrongful disclosure under false pretenses

Up to 10 years-Wrongful disclosure under false pretenses or knowingly or intentionally sell or transfer such protected information for commercial advantage, personal gain, or malicious harm.

Individual RightsInspect and copy your records and appeal any denial.

Request tat the health care provider attach information to your medical records.

Request that Aloha Health disclose information to your insurance company. You will need to pay for services ahead of time.

Minors over 14 years of age may refuse, over parental objections, to authorize the disclosure of information.

Request a copy of Aloha Health’s explanation of confidentiality practices. A brochure has been created for this purpose.

Physical Safeguards

Workstation area security

Keys and Locks

Media controls

Limited access

Technical Security & AwarenessLog off

Unique passwords

E-mail access & usage

Internet access & usage

Network access & controls

Good Computer Practices

GOOD FOR YOU!

Remember to logoff from your terminal when you leave your work area.Use your unique password to access any system.Position your terminals out of public viewCreate a password that is hard for others to guess at. For instance use a mix of numbers and alphabets. Don’t let others “steal your identity”. Make it as unique as you are!

GOOD HEAVENS!

Don’t share your password with anyone.Don’t leave your terminal logged on and unattended even for a “little while.”Don’t use sequences of alphabets or numbers or information others know about you.Don’t install hardware or software to your PC workstation without first getting approval from the Information Services Manager and Senior Administration.

Resources and ContactsSupervisor or Manager

Compliance Contacts: Jane Records (808) 555-1212 Simon Compliances (808) 555-1313

Aloha Health Compliance line800-555-1212

ResourcesKongstvedt, P.R. (2007). Essentials of

managed health care (5th ed.). MA: Jones and Bartlett Publishers.

U.S. Department of Health and Human Services. The Health Insurance Portabillity and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. Retrieved from www.hhs.gov

Wolper, L.F. (2011). Health care administration: Managing organized delivery systems (5th ed.). Sudbury, MA: Jones and Bartlett Publishers.