Welcome to the HIPPA, Privacy & Security Training

MHA 690 Health Care CapstoneVeronica L NelsonDr. Hwang-Ji Lu

May 9, 2016

The importance of confidentiality• Confidentiality means making sure that

information is only available to those who are authorized to have access

• Usually, this will mean keeping things secret between the client and you as the worker.

• As the medical staff, you will be privy to information that should not be shared with your personal family members or even the patient’s family.

What does confidentiality mean?The information disclosed to a physician by a patient should be held in confidence.• The patient should feel free to make a full

disclosure of information to the physician or medical staff in order to make the most effective medical decisions or the services needed.

• The patient should be able to make this disclosure with the knowledge that the medical professional and their staff will respect the confidential nature of the communication.

Patient PrivacyThe privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information whether it is stored on paper or electronically.

Revisit HIPPA Law• Makes it easier for people to keep health

insurance• Protect the confidentiality and security of health

care information • Gives patients the rights over your health

information and set rules and limits on who can look at or receive the patients health information.

• Assist the healthcare industry to control administrative cost

What information is protected?

Information your doctors, nurses, and other healthcare providers put in yourmedical record.• Conversations your doctor has had about your care or treatment with nurses andother healthcare professionals.• Information about you in your health insurer's computer system.• Billing information about you from your clinic/healthcare provider.• Most other health information about you, held by those who must follow this law.

Examples of confidentiality violations

• Insider snooping - This refers to family members or co-workers looking into a person’s medical records without authorization.

• Releasing wrong patient's information - Through a careless mistake, someone releases information to the wrong patient.

• Releasing information to an undesignated party • Unprotected storage of private health information• Discussing private health information in public areas of

the hospital• Not logging off your computer or a computer system that

contains private health information• Including private health information in an email sent over

the Internet

Confidentiality violations Consequences

• The fine for a first time infringement by someone who did not know they violated HIPAA could be as low as $100 or as high as $50,000.

• The fine for a violation due to willful neglect, but corrected within the required time period, is a minimum of $10,000 per violation with a maximum of $50,000.

• The fine when the willful neglect violation is not corrected increases from $10,000 to $50,000.

How to avoid confidentiality violations

• Never use a patient's PHI for personal gain. • Never snoop in a patient’s medical records• Never share PHI with people who have no legitimate

reason to know the information• Never share your computer passwords and log on

information• Never leave a computer unattended without logging off of

the computer. • Never communicate PHI to a patient by a method that the

patient has not approved.• Never discuss a patient's PHI in such a manner that other

individuals with no right or need to know the information can overhear the information

Employers responsibility

Implementing computer proceduresImplement social media/HIPA security measuresReinforcing the severity of penalties explained and enforcedEach year, hospital staff members review policies that address patient and employee confidentiality

References

Cohen, L. T., Millock, P. J., Asheld, B., & Lane, B. (2015). Are Employers Responsible for an Employee’s Unauthorized Review of a Patient’s Confidential Health Information?. Journal of the American College of Radiology, 12(4), 412-414.DiCorcia, M. J., Duggan, A., & Petronio, S. (2012). Navigating Ethics of Physician-Patient Confidentiality: A Communication Privacy Management Analysis.

Petronio, S., DiCorcia, M. J., & Duggan, A. (2012). Navigating ethics of physician-patient confidentiality: a communication privacy management analysis. Perm J, 16(4), 41-5.Suthers, G. (2013). PATIENT CONFIDENTIALITY: WHEN GOOD INTENTIONS ARE NOT ENOUGH. Pathology-Journal of the RCPA, 45, S3.