BreachofconfidentialityatUCLAbyover120employees• As Fox news reported the California Department of Public Healthreleased a statement stating that over 120 hospital staffinappropriately viewed patient health records between January of2004 and June of 2006. (www.foxnews.com) The blame falls directlyon the hospital administrators for not taking appropriate steps toensure this type of activity does not occur by adequately trainingtheir staff as to what the appropriate uses of patient information is.Since this is a problem with current staff a new training protocolshould be implemented to train, retrain, or refresh all staff on HIPAAguidelines in protecting the privacy of patients. New hires will alsobe required to go through the HIPAA training course as protectingpatient information must be a top priority for all health careorganizations.
Whatisconsideredprotectedinformation?• According to HIPAA protected health information is consideredindividually indentifiable health information held or disclosedby a covered entity. Patient health information includes:patient’s name; Social Security number or medical recordnumber; specific dates such as a birth, admission, discharge,or death; or any other information that may be used toidentify a patient. This may include information about past,present, or future physical and mental conditions; theprovision of healthcare to an individual; or the past, present,or future payment for the provision of healthcare. (Cascardo,2012) A practice must refrain from discussing any aspects ofprogress notes, court records, domestic violence policereports, mental health documents, etc, with anyone unlessthe patient has signed a release form in advance.
Whatisavalidreleaseorauthorizationform?• A specific description of the information to be used ordisclosed• The name of the person(s) or organization that will beauthorized to release the information• The name of the person(s) or organization to whom theinformation is authorized to be released• A description of the purpose of the use of the disclosure• A date or even of expiration• The signature of the individual/patient and date, the form mayalso be signed by a personal representative but must includethe relationship that exist between the two
Authorizationmustinformthepatient• The right to revoke the authorization• The potential for redisclosure by persons who receive theinformation
WhatconstitutesabreachofHIPAA?• A breach essentially means that there has been animpermissible use or disclosure under the Privacy Rule thatcompromises the security or privacy of the patient healthinformation. This breach can cause significant risk of financial,reputational, or other harm to the affected individual.Typical Security risks include:• Unauthorized access by employees• Misuse of authorized access• Ineffective disposal of patient health information
MinimumNecessaryRule• It is extremely important that staff remember HIPAA’sminimum necessary requirement rule which states that onlythe minimum necessary patient health information should beshared to satisfy a particular purpose. If information is notrequired to satisfy a particular purpose then it must bewithheld. It is important for staff to understand that access isallowed only for the function they need to perform such as apharmacist would only need to access the patient’s history ofprescriptions in order to perform their job function.
Conclusion• Patient privacy and protection under HIPAA is theresponsibility of all staff at all times. When patientinformation is mishandled then the patient as well as thecommunity lose their trust in the organizations ability toprovide high quality care while also protecting sensitivepatient health information. Following the HIPAA guidelines isof the upmost importance and adherence to these policies isexpected of all staff at all time. Failure to do so will result isdisciplinary actions for the staff involved.
References• Cascardo, D. (2012). What to do before the Office of CivilRights comes knocking: Part 1. Medical PracticeManagement, May/June, 337-340. Retrieved from ProQuestdatabase.