2. Patient confidentiality
At UCLA Medical Center, more than 120 workers viewed celebrity medical records over the course of two years. This is alarming because it is a breach of patient confidentiality: patients feel violated and lose trust in the hospital.
This staff training will cover patient privacy, confidentiality, and HIPAA regulations to prevent this type of situation and other kinds of confidentiality breaches from occurring.
ALL employees must protect patient health information!
HIPAA violations can lead to civil and criminal penalties, including fines and potential jail time.
3. HIPAA
Health Insurance Portability and Accountability Act of 1996
Regulations protecting the privacy and security of health information by implementing safeguards to ensure the confidentiality, integrity, and availability of protected health information (HIPAA Journal, 2018).
Applies to covered entities, which include most care providers, all health plans, and health care clearinghouses.
The HIPAA Privacy Rule assures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care (HHS.gov, 2013).
4. Protected Health Information (PHI)
Term given to health data created, received, stored, or transmitted by HIPAA-covered entities and their business associates in relation to the provision of healthcare, healthcare operations, and payment for healthcare services (HIPAA Journal, 2018).
Protected health information includes:
Names and all individually identifiable health information
Demographic data
Medical histories and test results
Insurance information
Dates directly related to patient's health care services or benefits
Social Security numbers, medical record numbers, & account numbers
Addresses, phone numbers, and emails
Full-face photographs, X-rays, MRIs
5. What is a confidentiality breach?
A confidentiality breach occurs when a patient's private information is disclosed or reviewed without their consent. Examples include:
Discussing a patient in public areas
Looking at patient charts when it does not pertain to one's job
Giving private information over the phone without asking for appropriate identifiers
Posting about a patient on social media
Faxing, emailing, or electronically transferring patient information without the appropriate safeguards or security measures to protect PHI
6. Penalties and fines
Criminal penalties of up to $250,000 and ten years in prison for intentional violations.
Civil penalties of $100 per violation, up to $25,000 per year.
Category 1: A violation that the covered body was unaware of and could not have realistically prevented. $100 minimum fine per violation, $50,000 maximum fine.
Category 2: A violation that the covered body should have been aware of but could not have prevented even with a reasonable amount of care. $1,000 minimum fine per violation, $50,000 maximum fine.
Category 3: A violation that occurred due to "willful neglect" of HIPAA Rules, in cases where efforts have been made to address the violation. $10,000 minimum fine per violation, $50,000 maximum fine.
Category 4: A violation of HIPAA Rules constituting willful neglect, where no efforts have been made to correct the violation. $50,000 minimum fine per violation (HIPAA Guide, 2017).
7. Releasing patient information
Verify identity!
In person: government-issued photo ID, or employee badge if within the hospital
Over the phone: verify date of birth and address
Written request: compare to signatures on file, or require a notarized signature
Patients may obtain a copy of their medical records with their photo ID and a signed medical release
Medical information may be released to a medical power of attorney or court-appointed guardian with verification of paperwork and photo ID
When the patient is present and gives permission, share only the relevant information
Information may be released to a Business Associate with an agreement on file, for billing and claims processing
8. How to avoid a HIPAA violation or breach of confidentiality
Only access information needed to perform one's job!
Only discuss PHI with other employees who need to know, and do so in a secure or private area.
Keep PHI in a secure location and do not leave it unattended.
Do not share computer log-ins or passwords.
Close computer programs containing patient information when not in use. Computer systems will automatically time out after a specified period of inactivity and require a secure login.
Discard patient information in locked shred bins.
Discuss any concerns or violations with management immediately.
9. References
Health & Human Services. (2013, Jul. 26). Summary of the HIPAA privacy rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/index.html
HIPAA Guide. (2017, Oct. 1). What are the penalties for HIPAA violations. Retrieved from: https://www.hipaaguide.net/hipaa-violation-penalties/
HIPAA Journal. (2018, Jan. 10). What is protected health information. Retrieved from: https://www.hipaajournal.com/what-is-protected-health-information/
Images
Freerange Stock. Lock picture #1. Rawpixel. Retrieved from: https://freerangestock.com
Freerange Stock. HIPAA Compliant picture #2. Vector Images. Retrieved from: https://freerangestock.com
Freerange Stock. Lock & computer picture #3. Morah, J. Retrieved from: https://freerangestock.com
Freerange Stock. Checklist picture #4. Rawpixel. Retrieved from: https://freerangestock.com