2. HIPAA
• Stands for the Health Insurance Portability and
Accountability Act
• Enacted in 1996 and then revised in 2009 and 2013
• The purpose of the HIPAA Privacy Rule was to
restrict uses and disclosures of
protected health information, stipulating when, with
whom, and under what circumstances health
information can be shared
• Requires health care providers and organizations to
ensure the confidentiality of patients’ health information
3. HIPAA VIOLATIONS
• Failure to comply with HIPAA standards and rules
• Common violations:
• Unauthorized disclosure of protected health
information (PHI)
• Unauthorized access of PHI
• Failure to implement processes and procedures to
ensure confidentiality, integrity and availability of
PHI
• Failure to implement access controls to limit viewing
of PHI
• Failure to terminate access to PHI when it is no
longer needed
• Failure to report a security incident within 60 days
after discovery
4. WHAT IS CONFIDENTIALITY?
• Confidentiality is the protection of one’s
personal information.
• Within health care, it refers to
the obligation of professionals who have
access to patient records or
communication to hold that information
in confidence.
• It is a set of rules acknowledged by law
that limits access to information and/or
communication between two parties in a
professional relationship
5. THE IMPORTANCE OF CONFIDENTIALITY
• Confidentiality builds trust
between physicians and patients
• Encourages communication
between the patient and
physician
• Helps to provide more effective
treatment; the more honest a
patient is, the better the
physician is able to figure out
what’s going on
• It is the law
6. WHAT INFORMATION IS CONSIDERED
CONFIDENTIAL?
• Any clinical information about a
patient’s diagnosis or treatment
• Picture, photo, video, audio or
other images of the patient
• Race
• Age
• SSN
• Address
• Anything that could directly or
indirectly lead to the
identification of a patient
7. WHO IS RESPONSIBLE FOR
CONFIDENTIALITY?
• Anyone in the organization
who has access to patient
information:
• Clinical staff
• Administrative staff
• Volunteers
• Health insurance agents
8. GUIDELINES
• Do not access patient information without a
“need to know”
• Only discuss patient information with authorized
personnel
• Do not discuss patient information or confidential
topics in public areas
• Do not leave patient information unattended
• Dispose of confidential information properly
• Ensure an auditing system is in place to monitor
PHI access
• Complete HIPAA and Confidentiality training