Confidentiality is the act of protecting all personally identifiable data, information, and records collected, used, or kept by a healthcare organization. Confidentiality requirements also apply to discussions about patients and patients’ records. In this training module, we will look at the importance of confidentiality and HIPAA within healthcare.
In today’s training, we will review HIPAA, the policies and procedures on confidentiality here at Aloha Health, how you as an employee will be able to recognize that confidentiality integrity is an ongoing process, and what resources are available for reference.
Physical safeguards practiced every day can ensure compliance with confidentiality and HIPAA policies. Locking workstations when left unattended, having media control in place to ensure secure access to records such as usernames and passwords, and limiting access to those who should be authorized to access information can aid in compliance with confidentiality and HIPAA policies.
Compliance Training for Healthcare Employees Melissa Morris MHA 690 Health care Capstone Dr. Sherry Grover
Confidentiality Practices
o Understanding HIPAA
o Its purpose
o Penalties & Sanctions
o What is HIPAA all about?
o Review of Handbook
o Acknowledgement & Certification
Objectives Understand HIPAA Understand Aloha Health’s Policies and Procedures on Confidentiality Recognize that confidentiality integrity is an on-going process Know your resources
What is HIPAA? Health Information Portability and Accountability Act. HIPAA governs the privacy rights of patients and the confidentiality of medical records. Federal Law.
The Purpose of HIPAA Protect individuals from the adverse effects of improper disclosure of protected health information. Protect against unauthorized and inappropriate use of protected health information. Establish a standard set of provisions, that if followed, provide evidence that the health care institution properly handled and disclosed private medical information.
Penalties and Sanctions
General Business Practice Violation: $100,000 for violations that have occurred with such frequency as to constitute a general business practice. PLUS Civil action may be brought against any person or entity who violates the law.
Civil Penalties ANY VIOLATION $100 for each and every act or violation not to exceed $25,000 per person for single standard per calendar year “KNOWING” VIOLATION $50,000 - $250,000 fines dependent upon if misuse is under ‘false pretenses’ or with intent to sell for personal gain or malicious harm
Criminal Sanctions Up to 1 year -Wrongful disclosure Up to 5 years -Wrongful disclosure under false pretenses Up to 10 years -Wrongful disclosure under false pretenses or knowingly or intentionally sell or transfer such protected information for commercial advantage, personal gain, or malicious harm.
Individual Rights Inspect and copy your records and appeal any denial. Request that the health care provider attach information to your medical records. Request that Aloha Health disclose information to your insurance company. You will need to pay for services ahead of time. Minors over 14 years of age may refuse, over parental objections, to authorize the disclosure of information. Request a copy of Aloha Health’s explanation of confidentiality practices. A brochure has been created for this purpose.
Physical Safeguards Workstation area security Keys and Locks Media controls Limited access
Good Computer Practices
GOOD FOR YOU! Remember to log off from your terminal when you leave your work area. Use your unique password to access any system. Position your terminals out of public view. Create a password that is hard for others to guess. For instance, use a mix of numbers and letters. Don’t let others “steal your identity”. Make it as unique as you are!
GOOD HEAVENS! Don’t share your password with anyone. Don’t leave your terminal logged on and unattended even for a “little while.” Don’t use sequences of letters or numbers or information others know about you. Don’t install hardware or software on your PC workstation without first getting approval from the Information Services Manager and Senior Administration.
Resources and Contacts Supervisor or Manager Compliance Contacts: Jane Records (808) 555-1212 Simon Compliances (808) 555-1313 Aloha Health Compliance line 800-555-1212
Resources
Kongstvedt, P.R. (2007). Essentials of managed health care (5th ed.). MA: Jones and Bartlett Publishers.
U.S. Department of Health and Human Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. Retrieved from www.hhs.gov
Wolper, L.F. (2011). Health care administration: Managing organized delivery systems (5th ed.). Sudbury, MA: Jones and Bartlett Publishers.