2. Introduction
The purpose of this presentation is to:
Outline HIPAA guidelines for the privacy and confidentiality of patient records
Outline responsibilities of staff members
Outline consequences for not adhering to privacy protections
3. Background
Between 2004 and 2006, 127 employees at UCLA Medical Center were found to have snooped in the medical records of celebrity patients
The employees had no reason to view those medical records
Employees were terminated or reprimanded for their actions
4. HIPAA Guidelines
HIPAA sets standards for when a patient’s protected health information may be used:
Providing treatment
Billing
Healthcare operations
Providing information to patients
Reporting health-related incidents
5. HIPAA Guidelines
Employees and staff must have a valid reason to view patient records
Employees and staff must also be authorized to view patient records under one of the acceptable reasons
Simply being an employee of the facility is not authorization to view the records of a specific patient
6. Penalties for Violating HIPAA
The medical facility can face fines ranging from $25,000 to $1.5 million
Individual employees can face fines ranging from $50,000 to $250,000 and up to 10 years in prison depending on the reason for the violation and how patient health information is used
7. Medical Facility Policy
This medical facility strictly follows HIPAA regulations
All employees must be authorized to view patient records and have a valid reason under HIPAA to view patient records
8. Medical Facility Policy
Any unauthorized access of patient records can result in termination
Employees can also be reported to legal authorities and face criminal and civil penalties for unauthorized access of patient records