2. Serious Breach of Confidentiality
127 workers peeked into celebrities' medical records without
permission, leading to several firings, suspensions and
warnings. This concerned members of the UCLA Hospital Staff
and it can happen anywhere.
Laws Violated:
3. What can be done in order to avoid this in our facility?
1. Mandatory HIPAA and Protected Health Information Training
Personal health information (PHI), also referred to as protected health information, generally
refers to demographic information, medical history, test and laboratory results, insurance
information and other data that a healthcare professional collects to identify an individual and
determine appropriate care.
2. Clearly defined “need to know” rules
Although the terms ‘‘confidentiality’’ and ‘‘privacy’’ are often used inexactly or
interchangeably, they are not equivalent, as it is possible to keep information private
while still breaching confidentiality (Wiener and Gilliland, 2011).
4. Who is this training applicable to?
1. Doctors working in, or licensed to work in, our facility
2. Nursing staff: CNA, LPN, RN, and Med Techs
3. Medical Records Personnel
4. Laboratory Personnel
5. Transporters
This is not an exclusive list. Any personnel working in direct patient care are subject to all applicable training.
Clinicians, Patients, Insurance Carriers
This includes informing patients who we may release PHI to.
5. Training Frequency and Requirements:
Continuing Education (CE) requirements:
1. One Hour block HIPAA and PHI Training Yearly
2. Signed Acknowledgement of Training Requirement in every employee training folder
3. Clearly defined rules for violations, either incidental or intentional
Violation 1: Remedial HIPAA Training
Violation 2: Situational Employment Review
Violation 3: Employee Dismissal
4. 90-day password change requirement in effect for all personnel with PHI access
5. Individually assigned PIN Access code for records room
7. What is Protected Health Information (PHI)?
Any one of these alone can still be considered PHI due to the personal nature of the information
8. Conclusions…
HIPAA isn’t new and neither is HIPAA training. Employees need to be mindful of any potential PHI
in, on, or around their work areas. This responsibility belongs to each individual and the biggest obstacle
to overcome is human nature. What does this mean? If you don’t “need to know” then don’t look at
it.
UCLA failed to detect these violations for years. Don’t let the same legal
problems happen here.
9. References:
Wolper, L. (2011). Health care administration: Managing organized
delivery systems (5th ed.). Sudbury, MA: Jones and Bartlett Publishers.
Wiener, J., and Gilliland, A. (2011). Balancing between two goods: Health Insurance Portability and
Accountability Act and ethical compliancy considerations for privacy-sensitive materials in health sciences
archival and historical special collections. Journal of the Medical Library Association. Retrieved 5 May 2016 from
http://eds.a.ebscohost.com.proxy-library.ashford.edu/eds/pdfviewer/pdfviewer?vid=1&sid=f5178c68-a42d-492c-a76c-3b19abb2edf6%40sessionmgr4003&hid=4208