Protecting Privacy & Confidentiality
Kyle Fortune
MHA 690
Dr. Ray Borges
April 25, 2012
Slide Backgrounds from: http://www.dvd-ppt-slideshow.com
UCLA Hospital
› Staff breached privacy and confidentiality of numerous celebrities
› One employee saw over 900 patient records without consent
  › Staff faces federal criminal charges
  › Staff were warned, suspended, and/or fired
(Over 120 UCLA Hospital Staff Saw Celebrity Health Records, 2008)
What is HIPAA?
› Health Insurance Portability and Accountability Act (HIPAA)
› Public Law passed in 1996
  › Set new guidelines for handling electronic healthcare transactions
  › Applicable to everyone working in the United States Healthcare System
  › Ensures protection of medical records
(Wolper, 2011)
Seven Regulatory Steps Healthcare Services Must Follow:
› Access Control
› Encryption of Private Health Data
› Integrity Control
› Authentication
› Audit Control
› Alarms
› Event Reporting
(Wolper, 2011)
Access Control
› Protects against inappropriate retrieval of electronic health information
› Passwords are required to gain access to electronic medical records (EMR)
› NEVER ACCESS A PATIENT’S RECORD UNLESS IT IS A NECESSITY!
(Wolper, 2011)
Encryption of Private Health Data
› Prevents intruders from accessing records
› Makes it difficult to recode health information if wrongfully accessed
Integrity Control
› Protects validity of accessible data
› Protects reliability of accessible data
(Wolper, 2011)
Authentication
› Required to access EMR
› Identifies who is accessing the EMR
Audit Control
› Traces who has accessed EMR
› Helps identify inappropriate access
(Wolper, 2011)
Alarms
› Provide warnings and alerts for attempted intrusion
› Audits and alarms go hand-in-hand to see who may be frequently accessing EMR
  › Authentication is important to prevent warnings/alerts from occurring
  › Improper access will result in a warning/alert for breach of privacy
(Wolper, 2011)
Event Reporting
› Standards and regulations must be followed at all times
› ALL breaches of HIPAA must be reported swiftly to…
  › Prevent damages
  › Regain control of access
  › Inform patients who have been impacted by the breach of HIPAA
(Wolper, 2011)
Access Control & Authentication
› Never share your password with anyone
  › People can use your password to access records
  › This will result in a breach of privacy if improperly used
› Never leave a computer with EMR open
Report events/violations
› Patients have the right to know about unauthorized access
› Intentional breaches are illegal
  › May lead to criminal investigation and criminal charges
› Staff who intentionally breach privacy will be suspended and/or terminated
Unauthorized access is illegal!
Violation can lead to termination!
Even worse... criminal charges!
NEVER TAKE THE RISK!
Over 120 UCLA hospital staff saw celebrity health records. (2008). Retrieved from http://www.foxnews.com/story/0,2933,398784,00.html
Wolper, L. (2011). Health care administration (5th ed.). Sudbury, MA: Jones and Bartlett.