Your SlideShare is downloading. ×
Mc connell pp_ch25
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Mc connell pp_ch25


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Umiker's Management Skills for the New Health Care Supervisor, Fifth Edition Charles McConnell
  • 2. Chapter 25 Privacy and Confidentiality, Employees and Clients
  • 3. Privacy Today
    • There is a growing belief in American society concerning the right of the individual to privacy. There are also increasing doubts about how the government might use information that it collects about individuals.
  • 4. Privacy and the Law
    • Title VII of the Civil Rights Act of 1964
    • Privacy Act of 1974
    • Employee Polygraph Protection Act of 1988
    • Employee Polygraph Protection Act of 1988
  • 5. Personnel Files
    • Considered the property of the employer., but any organization having a privacy policy in place will strictly limit access to personnel files to those having a legitimate need for the information
  • 6. Employee Searches
    • Every organization should have an official policy governing such searches, publicized so that employees know that searches can occur and the basis for the searches, specifically whether they can to occur at random or for reasonable cause or both.
  • 7. Employee Health Records
    • Once integrated into personnel files, employee health records are now considered legitimate medical records and thus subject to stricter rules of accessibility.
  • 8. Patient Privacy and Confidentiality
    • Patient records should always be held in the strictest confidence. It is a violation of ethical principles to reveal patient information to anyone outside of the organization without proper authorization.
  • 9. Patient Privacy and Confidentiality
    • No information about a patient’s condition—not even acknowledgment that the individual is a patient—should be given out without the express permission of the patient (or individual empowered to act for the patient).
  • 10. Information Security
    • Health information management (HIM) employees must fully orientated and trained.
    • All HIM employees should be required to complete a confidentiality statement.
    • Students, researchers, and others having access to health care data should receive be oriented and sign a confidentiality statement.
  • 11. Information Security
    • Provisions for data security should be included in any contract for external services.
    • All requests for the release of information should be processed centrally in HIM.
    • Detailed rules should be developed and enforced to limit the use of health care data.
  • 12. Information Security
    • There should be appropriate safeguards for computerized processing and storage of health information.
    • Only persons with a legitimate and verifiable need to know should be permitted access to confidential health care information.
  • 13. “HIPAA”
  • 14. HIPAA Title II
    • HIPAA consists of Titles I, II, III, IV, and V. It is Title II, devoid of any significant reference to health insurance, that addresses privacy and confidentiality.
  • 15. HIPAA Title II
    • The full name of Title II is: “Preventing Health Care Fraud and Abuse, Administrative Simplification, and Medical Liability Reform.”
    • Within Title II is the “Privacy Rule”
  • 16. Intent
    • The law was intended to strike a balance between ensuring that personal health information is accessible only to those who truly need it and permitting the health care industry to pursue medical research and improve the overall quality of care.
  • 17. Reality
    • The applicable portions of Title II created much work and expense for health care providers and organizations that do business with them, plus creating inconvenience and often frustration for patients and their families.
  • 18. Public Reaction
    • Patients and patient advocates claimed that these new requirements were forcing people to choose between access to medical care and control of their personal medical information.
  • 19. Patients’ Rights Under HIPAA
    • Patients are entitled to know how their personal medical information will be used or disclosed.
    • Patients may request and receive copies of their health records.
    • Patients may ask for corrections, amendments, or restrictions to their personal medical information.
  • 20. Patients’ Rights Under HIPAA
    • Patients may request a full accounting of disclosures of their personal medical information.
    • Patients may file complaints if they believe their privacy rights have been violated.
  • 21. Patients’ Rights Under HIPAA
    • Employers and marketers are prevented from obtaining patient medical information without the patient’s express written authorization.
    • A hospital inpatient may forbid the facility to release information on his or her medical condition to anyone.
  • 22. Non-Consent Uses
    • There are a number of instances in which personal medical information can be used without patient consent. These are related mostly to research and public health uses, and patient identification is removed.
  • 23. Widespread Requirements
    • All health care plans and providers and all other organizations that serve the direct providers of health care, such as billing services and medical equipment dealers. All affected entities must: (next)
  • 24. Widespread Requirements
    • Safeguard patient information in all forms from unauthorized use or distribution.
    • Protect patient information from misuse.
    • Implement specific data formats and code sets for consistency of and preservation.
    • Establish audit mechanisms to safeguard against fraud and abuse.
  • 25. Widespread Requirements
    • Contracts with involved organizations must:
    • Define the proper uses of all patient data;
    • Specify audit mechanisms and safeguards;
    • Require disclosure when patient information is improperly used or disclosed; and
    • Call for the destruction or return of protected patient information when no longer needed.
  • 26. Departmental Involvement
    • Privacy rule compliance involves:
    • Information technology;
    • Health information management;
    • Social services;
    • Finance;
    • Administration; and
    • Various ancillary or supporting services.
  • 27. Effects on Systems
    • The HIPAA Privacy Rule created a widespread need for health care providers to reengineer their systems to protect their patient information infrastructures and combat misuse and abuse.
  • 28. HIPAA and the Supervisor
    • Depending on the kind of activity you supervise, the requirements of HIPAA can significantly affect your role. In some departments you may never have to concern yourself with HIPAA; in others HIPAA will be with you daily.