This document discusses protecting patient privacy and confidentiality under HIPAA regulations. It summarizes a case where over 120 UCLA hospital staff inappropriately accessed celebrity health records, facing criminal charges. It then outlines the seven regulatory steps healthcare services must take under HIPAA, including access control, encryption, authentication, and event reporting. Unauthorized access of patient records is illegal and can result in termination or criminal prosecution.
Mha 690 -week one--confidentiality power point
1. Protecting Privacy & Confidentiality
Kyle Fortune
MHA 690
Dr. Ray Borges
April 25, 2012
Slide Backgrounds from: http://www.dvd-ppt-slideshow.com
2. UCLA Hospital
› Staff breached privacy and confidentiality of
numerous celebrities
› One employee saw over 900 patient records
without consent
Staff faces federal criminal charges
Staff were warned, suspended, and/or fired
(Over 120 UCLA Hospital Staff Saw Celebrity Health Records, 2008)
3. What is HIPAA?
› Health Insurance Portability and
Accountability Act (HIPAA)
› Public Law passed in 1996
Set new guidelines for handling electronic
healthcare transactions
Applicable to everyone working in the United
States Healthcare System
Ensures protection of medical records
(Wolper, 2011)
4. Seven Regulatory Steps Healthcare Services Must Follow:
› Access Control
› Encryption of Private Health Data
› Integrity Control
› Authentication
› Audit Control
› Alarms
› Event Reporting
(Wolper, 2011)
5. Access Control
› Protects against inappropriate retrieval of
electronic health information
› Passwords are required to gain access to
electronic medical records (EMR)
› NEVER ACCESS A PATIENT’S RECORD UNLESS IT
IS A NECESSITY!
(Wolper, 2011)
6. Encryption of Private Health Data
› Prevents intruders from accessing records
› Makes it difficult to recode health information
if wrongfully accessed
Integrity Control
› Protects validity of accessible data
› Protects reliability of accessible data
(Wolper, 2011)
7. Authentication
› Required to access EMR
› Identifies who is accessing the EMR
Audit Control
› Traces who has accessed EMR
› Helps identify inappropriate access
(Wolper, 2011)
8. Alarms
› Provide warnings and alerts for attempted
intrusion
› Audits and alarms go hand-in-hand to see
who may be frequently accessing EMR
Authentication is important to prevent
warnings/alerts from occurring
Improper access will result in a warning/alert
for breach of privacy
(Wolper, 2011)
9. Event Reporting
› Standards and regulations must be followed
at all times
› ALL breaches of HIPAA must be reported
swiftly to…
Prevent damages
Regain control of access
Inform patients who have been impacted by
the breach of HIPAA
(Wolper, 2011)
10. Access Control & Authentication
› Never share your password with anyone
People can use your password to access
records
This will result in a breach of privacy if
improperly used
› Never leave a computer with EMR open
11. Report events/violations
› Patients have the right to know about
unauthorized access
› Intentional breaches are illegal
May lead to criminal investigation and criminal
charges
› Staff who intentionally breach privacy will be
suspended and/or terminated
12. Unauthorized access is illegal!
Violation can lead to termination!
Even worse….criminal charges!
NEVER TAKE THE RISK!
13. Over 120 UCLA hospital staff saw celebrity health records. (2008).
Retrieved from http://www.foxnews.com/story/0,2933,398784,00.html
Wolper, L. (2011). Health care administration (5th ed.). Sudbury, MA:
Jones and Bartlett.