Marc etienne week1 discussion2 presentation
1. There are many trainings that a manager could put into
place to avoid unauthorized
access to patient records. One of those
trainings is the yearly HIPAA certification
training.
2. The Health Insurance
Portability and Accountability
Act
was enacted in 1996. It is
enforced by the Office of Civil
Rights of the United States
Government. It is a set of federal
guidelines created to allow
employees to take their medical
insurance with them if they leave
an employer, allow people
access to medical insurance
despite pre-existing conditions
(under some conditions), and to
establish privacy standards for a
patient’s health information.
3. The HIPAA Privacy Rule protects the privacy of individually identifiable
health information.
The HIPAA Security Rule sets national standards for the security of
electronic health information.
4. It is required by law to provide
HIPAA education and training to
individuals working in the
healthcare industry to ensure
accountability for the privacy
and security of protected health
information. Covered entities
must train all members of the
workforce on HIPAA policies
and procedures.
5. A covered entity, as defined in HIPAA, can be a health insurance plan, a health
care clearinghouse or a healthcare provider that transmits protected health
information electronically and can be organizations, institutions or persons.
6. Physicians and other healthcare
professionals that work with
patients and their confidential
medical records must adhere to
the policies, procedures, and
laws designed to protect patient
privacy and confidentiality. All
healthcare providers have a
responsibility to keep their staff
trained and informed
regarding HIPAA compliance.
Whether intentional or
accidental, unauthorized
disclosure of PHI is considered
a violation of HIPAA.
7. PHI or Protected Health Information refers to any individually identifying
information included in a patient's medical record that is transmitted or
maintained in any form.
Uses and Disclosures
A covered entity may use or disclose protected health information (PHI)
without authorization under certain conditions:
-To the Individual
-Treatment, Payment, and Healthcare Operations
-Uses and Disclosures with Opportunity to Agree or Object
-Incidental Use and Disclosure.
-Public Interest and Benefit Activities
-Limited Data Set for the purposes of research, public health or health care
operations
8. Health care providers have an obligation to provide their patients with a
Notice of Privacy Practices. This notice, as required by the HIPAA
Privacy Rule, gives patients the right to be informed about their privacy
rights as they relate to their protected health information (PHI).
The notice should describe certain information in easy-to-understand
terms:
-How the provider will use and disclose their PHI
-The rights patients have regarding their own PHI
-A statement informing the patient of laws requiring the provider to
maintain the privacy of their PHI
-Who patients can contact for further information regarding the
provider's privacy policies
9. Enforcement and Penalties for Noncompliance
Civil Money Penalties
-$100 per failure to comply
-$25,000 maximum per year for multiple violations of the same requirement
Criminal Penalties (for knowingly obtaining or disclosing PHI in violation of
HIPAA)
-$50,000 fine and up to one-year imprisonment
-$100,000 fine and up to five years imprisonment (if violation involves false
pretenses)
-$250,000 fine and up to ten years imprisonment (if violation involves intent
to sell, transfer, or use PHI)
10. Tips to Avoid Violating HIPAA
Take the necessary steps to keep from disclosing information through routine
conversation. Avoid disclosing information through routine conversation, avoid
discussing patient information in waiting areas, hallways or elevators, dispose
of PHI properly, and strictly limit access to information to employees whose jobs
require that information. Basic information can seem so insignificant that it can
easily be mentioned in routine conversation, but it should only be shared on a
need-to-know basis.
Avoid discussing patient information in waiting areas, hallways or elevators. Sensitive
information can be overheard by visitors or other patients. Also be sure to keep
patient records out of areas that are accessible to the public. Since check-in desks
and nurses stations are out in the open, go the extra mile to ensure computers are
secured at all times. Chart holders should be mounted and the front panel
covered according to HIPAA standards.
PHI should never be disposed of in the trash can. Any document thrown in the trash is
open to the public and therefore a breach of information. There are many ways to
dispose of PHI. Proper disposal of paper PHI includes burning or
shredding. Electronic PHI can be disposed of by erasing, deleting, reformatting,
incinerating, melting, or shredding.
There are a number of available technologies designed to secure patient data. Be
selective in choosing devices and software that secure data over a wireless
connection including firewalls, anti-virus, anti-spyware, and intrusion detection
technology. Use extreme caution when accessing data over a remote connection. IT
specialists suggest using a two-factor authentication system with security tokens and
passwords.