Confidentiality & privacy


Published on

Confidentiality & Privacy Training

Published in: Health & Medicine, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Cont……. Next page
  • References:AMA Retrieved by resourcesRichard, Francine E-How Contributor (2012), Confidentiality Training, Retrieved by
  • Confidentiality & privacy

    1. 1. Think about the amount of information and records that you maintain about employees. Now, think about the valuable information you possess about your clients and customers. Do you treat those two groups of data the same when it comes to confidentiality? Employment attorneys warn that some employers arent. Theyre taking a substantial risk by plowing more time and effort into protecting client information and shrugging off employeedata privacy. One problem hindering the effort is lax supervisor attitudes about the importance of privacy. The fact is confidentiality can quickly become a legal issue in many workplace decisions and activities. While certain employment-related data obviously must be protected, here are a
    2. 2. What is a breach ofconfidentiality?A breach of confidentiality is a disclosure to a third party,without patient consent or court order, of private informationthat the physician has learned within the patient-physicianrelationship. Disclosure can be oral or written, by telephoneor fax, or electronically, for example, via e-mail or healthinformation networks. The medium is irrelevant, althoughspecial security requirements may apply to the electronictransfer of information.The legal basis for imposing liability for a breach ofconfidentiality is more extensive than ethical guidelines,which dictate the morally right thing to do. Although currentlaw in this area has been referred to as "a crazy quilt of stateand federal law," protecting patients confidentiality is thelaw of the land. Included in the patchwork are federal andstate constitutional privacy rights, federal and statelegislation and regulation governing both medical recordsand licensing, and specific federal and state legislationdesigned to protect sensitive information (e.g., HIV testresults, genetic screening information, mental health records,and drug and alcohol abuse rehabilitation information).
    3. 3. Patient consent to release confidential or privileged informationThe general rule regarding release of a patients medical record is that information contained in a patients medicalrecord may be released to third parties only if the patient has consented to such disclosure. The patients expressauthorization is required before the medical records can be released to the following parties: patients attorney orinsurance company; patients employer, unless a workers compensation claim is involved; member of the patientsfamily, except where the family member has been appointed the the patients attorney under a durable power ofattorney for health care; government agencies; and other third parties. Some state laws expressly allow disclosure toany person upon consent of the patient. Other state laws permit release on patient consent only to specified classesof persons. Further, once the patient has given consent to release the record, the disclosure requirement may bemandatory for the holder of the medical record or merely permissive.HIPAA has created additional patient confidentiality considerations. Under the privacy regulations, covered entitiesmay usually release protected health information without authorization only to facilitate treatment, payment orhealth care operations. Visit the AMAs HIPAA Web page for further information.Managed care organizations (MCO) frequently require members to sign a general release form on enrollment in theplan. These forms authorize the release of medical information to the MCO. Typical language used in a releasemight be "that any provider may furnish the MCO such medical information as may be required and that themember acknowledges the MCOs right to conduct a professional utilization review program of health services andto coordinate benefits and/or reimbursements with other health or insurance programs." Before forwarding medicalrecords to an MCO, utilization review programs or other health programs, physicians, hospitals, and others shouldget a signed copy of the patients release of medical records.
    4. 4. Who can consent to the release?Who may grant permission to release medical record information is likewise governed by state law.Generally, the authority to release medical information is granted to: (1) the patient, if a competentadult or emancipated minor; (2) a legal guardian or parent if the patient is incompetent or a minorchild; and (3) the administrator or executor of the patients estate if patient is deceased. The patientsright to authorize release of medical records is codified in many state statutes. These statutes all statethat medical records are confidential and cannot be disclosed, except in specifically providedcircumstances. However, the extent of the patients right to access varies from state to state. Somestates allow the health care professional or provider to determine patients right of access. Incomparison, some states expressly grant patients access to the medical information contained in theirmedical records.
    5. 5. Implied consent and public policy exceptions or requireddisclosuresA patients consent to disclosure of confidential information contained in a medical record may also be implied from thecircumstances. For example, medical personnel directly involved in a patients care or treatment generally have access tothe medical record. Even if the patient has not expressly authorized disclosure of his or her medical record, such consentis implied from the patients acceptance of treatment or hospitalization. Consent is also implied when a patient istransferred from one health care practitioner or facility to another. In such circumstances, disclosure of confidentialpatient information may be necessary to ensure continuation of patient care or treatment. State and federal statutes mayalso authorize or require disclosure of medical records to health care professionals or providers involved in the patientstreatment or upon transfer of the patient from one facility to another.Safeguarding patient confidences also is subject to certain exceptions that are ethically and legally justified because ofoverriding social considerations. If there is a reasonable probability that a patient will inflict serious bodily harm onanother person, for example, the physician should take precautions to protect the intended victim and notify lawenforcement authorities.Communicable diseases and gunshot and knife wounds should be reported as required by applicable statutes orordinances. Thus, the physicians duty of confidentiality at times must give way to a stronger countervailing societalinterest.
    6. 6. Why protecting patient confidentiality is still importantEthics and laws regarding confidentiality evolved long before the information highway was envisioned. The old laws and ethicalprecepts do not always fit neatly with todays computerized systems. Given the difficulties with compliance, some physicians andnetworks have only paid lip service to protecting patient confidentiality. This approach is short-sighted and unwise. The law willgradually catch up with the new system and seek to protect confidential patient information. In the interim, physicians shouldattempt to protect information to the extent possible and to comply with the "crazy quilt" of federal and state laws.Physicians should inform patients of the limits of confidentiality protections and allow the patients to decide whether treatmentoutweighs the risk of the disclosure of sensitive information. A patient expects to have his or her privacy respected by the physicianand should not be disappointed. If a record must be released, the patient should sign an appropriate release authorizing the disclosureof information in the medical record. General releases will not suffice for records containing HIV or other sensitive material.Physicians should become familiar with laws involving the duty to maintain confidentiality. Any breach in confidentiality—even onethat seems minor—can result in mistrust and, possibly, a lawsuit and/or disciplinary action.
    7. 7. Tools and FormsThe DVD also includes a valuable Online quiz tool that you can download and distribute to your staff.With this online quiz trainers can use to verify that staff watched and understood, how to remain HIPAAcomplaint in the workplace.Who will use this video training tool?• Privacy officers• Security officers• HIPAA compliance officers• Corporate compliance officers• HIM Directors and ManagersWho should watch this video?Every member of your healthcare staff, whether they work in:• Acute care hospital• Long-term care• Rehab• Physician practiceReviewed by:Kate Borten, CISSP, CISM, is president of The Marblehead Group of Marblehead, MA. She providesprivacy and security assessments, regulatory compliance audits, and program development guidance toclients across the healthcare industry. She is a nationally-recognized expert on HIPAA and healthinformation privacy and security, and a frequent speaker on these topics. She is the author of HIPAASecurity Made Simple, The HIPAA and HITECH Toolkit, the 2009 HIPAA Training Handbook series, allfrom HCPro, Inc., and is a member of HCPros Briefings on HIPAA editorial advisory board.Save money when you purchase multiple copies! Ask your customer service representative aboutmoney-saving discounts and bulk orders. Call toll free 800-650-6787 or : HCPro, IncProduct Types :VideosDepartments :Other Corporate Compliance ProductsOther Health Information Management Products