Jodi M. Watkowski
MHA690 - Health Care Capstone
Dr. Hwang-Ji Lu
February 2, 2012
- Ways to protect the privacy and security of confidential and protected health information
- To recognize situations in which confidential and protected health information can be mishandled
- That employees are held responsible for their actions
- HIPAA identifiers which create protected health information (PHI)
It is the responsibility of every employee to protect the privacy and security of sensitive information in all forms. Sensitive information comes in several forms:
- Electronic
- Spoken
- Printed
Examples of sensitive information include the following:
- Personnel information
- Computer passwords
- Driver’s license numbers
- Credit card numbers
- Social Security numbers
Without protection of the above, the risk of identity theft and invasion of privacy is greater.
Access to medical records must be authorized. If an employee accesses or discloses PHI without a patient’s written authorization or without a job-related reason for doing so, the employee violates HIPAA. An employee may only access or disclose a patient’s PHI when this access is part of the employee’s job duties.
An employee can never look at PHI out of curiosity. It makes no difference if the person is a family member or close friend; all information is entitled to the same protection.
Employees must report HIPAA breaches as part of their responsibility as employees. Privacy or security breaches involving PHI should be reported to your supervisor. There are serious ramifications for all breaches. The cost is $50,000 per incident, $50,000 to $250,000 in fines and up to 10 years in prison.
Individual rights for each patient include:
- Receive a copy of the practice’s Notice of Privacy Practices
- Request restrictions and confidential communications of their PHI
- Inspect their healthcare records
- File a complaint
Patients must sign an authorization form before their PHI may be released by the practice to outside parties such as a life insurer, a bank or a marketing firm. HIPAA permits use of PHI for:
- Providing medical treatment
- Processing healthcare payments
- Conducting healthcare business operations
CCHS is required to have safeguards to protect the privacy of PHI. Safeguards:
- Protect PHI from accidental or intentional unauthorized use.
- Limit accidental disclosures (discussions in hallways).
- Include document shredding, locking doors, locking file storage areas, and using passwords and codes for access.
CCHS safeguards sensitive information by ensuring the following:
- Keeps browser updated and uses security settings
- Uses security software
- Takes extra precaution when downloading software
Many security breaches come from within the organization, and many of these occur because of poor password habits.
- Use strong passwords (at least 8 characters with a combination of letters and numbers)
- Change passwords frequently
Be aware of your surroundings and use caution. Do not discuss sensitive information or PHI in public areas.
- Keep passwords secret and don’t allow others access to your computer.
- Keep notes in a secure place and don’t leave them in open areas.
- Hold discussions of PHI in private areas and for job-related reasons only.
- Ensure that sensitive information is secure in mailings.
- Follow procedures for proper disposal of PHI, such as shredding.
- When sending emails, do not include PHI unless written approval is received and the computer is encrypted.