2. Confidentiality
• The basis of this presentation is to review a situation of
a privacy and confidentiality breach. From this
situation, a health care organization can learn the
importance of proper training and how to make their
policies and training remain effective once they are in
place.
3. Situation
• The situation surrounds
UCLA Medical Center
in California. A review
of their system revealed
a severe issue as many
of their employees were
illegally accessing and
viewing private patient
records of celebrities
that were admitted to
their hospitals.
4. • These multiple violations were a breach of
these patient’s HIPAA rights (Fox News,
2008). This review brought to light their lack
of training and the need to implement policies
and security to keep it from happening again.
Those involved in the breach faced criminal
charges, penalties, and the loss of their
employment and licensure (Fox News, 2008).
5. Training
When it comes to training,
there are several main points
to keep in mind. What are you
trying to avoid and how do
you keep it from happening?
HIPAA violations are not to be
taking lightly, as we learned
from the situation at UCLA. It
can lead to major fines or even
criminal charges.
6. • Clear policies and procedures that state the
organization’s intentions, how they will
monitor access, and how they will manage
surveillance of activities need to be given to
each and every staff member (Wolper, 2011).
7. • This policy needs to be
addressed during
orientations as well as in
a formal classroom
environment for current
staff members (Cox,
2016).
8. • Once a clear policy is in place, annual training
needs to occur to remind the staff of their duty
to be diligent and protect a patient’s private
information. Among these training points,
there needs to be an increase in security
features to better monitor the access of records
(Cox, 2016). The best rule of thumb is if you
do not need to know, then do not look at it.
Otherwise you will be violating that patient’s
rights.
10. • To remain effective and ensure this training is
effective when it is implemented, there are
several different avenues that can be explored.
Along with annual HIPAA and HITECH
training, managers should be encouraged to
complete monthly audits (Taylor, Williams, &
Blythe, 2015).
11. • Not only will continual
monitoring by IT help
account for any
questionable actions
being caught, but
monthly audits will
allow for trends and
violations to be caught
and corrective actions to
take place immediately.
12. • Other ways to remain effective include adding
security warning to systems and guaranteeing
systems are secure at all times (Taylor,
Williams, & Blythe, 2015).
13. • It is every staff
member’s duty and
responsibility to protect
patient information and
not violate it by seeking
out information that
does not pertain to their
job.
14. References
• Cox, C. (2016). Understanding confidentiality in health care. Diabetes & Primary Care, 18(5), 227-
230.
• Fox News. (2008). Report over 120 UCLA hospital staff saw celebrity health records. Retrieved
from http://www.foxnews.com/story/0,2933,398784,00.html
• Taylor, J. F., Williams, R. L., & Blythe, M. J. (2015). Healthcare reform, EHRs, and adolescent
confidentiality. Contemporary OB/GYN, 60(8), 34-37.
• Wolper, L. F. (2011). Health care administration: Managing organized delivery systems (5th Ed.).
Sudbury, MA: Jones and Bartlett Publishers, LLC.