2. The Office for Civil Rights enforces the HIPAA
Privacy Rule, which protects the privacy of
individually identifiable health information; the
HIPAA Security Rule, which sets national
standards for the security of electronic protected
health information; the HIPAA Breach Notification
Rule, which requires covered entities and business
associates to provide notification following a
breach of unsecured protected health information;
and the confidentiality provisions of the Patient
Safety Rule, which protect identifiable information
being used to analyze patient safety events and
improve patient safety.
3. Confidentiality means that you cannot share a
patient's information with any other person in
either verbal or written form. Information
learned during the course of treatment that is
material to that treatment is protected by
confidentiality laws. Disclosure of such
information could be construed as a breach of a
patient's privacy.
Medical records – Any record that identifies
the mental, physical, or emotional health of an
individual
4. UCLA hospital patients have the right to have
communications involving their health kept on
a need-to-know basis.
Only those authorized to have access (i.e. those
who need it for treatment, payment, or any
other healthcare service) should have access.
5. Federal HIPAA laws are superimposed on state
confidentiality laws. Federal laws usually
supersede state laws, but state law still may
prevail if it is more strict.
6. HIPAA protects all personally identifiable
health information. It includes all information
that identifies, or could reasonably be used to
identify, a patient regardless of medium
employed. Although originally envisaged as a
regulator of electronic health records (EHR), it
applies to paper records and verbal
communication as well.
7. All staff members will be trained and tested on
HIPAA
Training and testing cover being respectful
of all patients' private information, viewing
records without any legitimate reason, and the
consequences of violating patient privacy
and security.
8. Conduct patient interviews in private rooms or
areas
Never discuss cases or use patients' names in a
public area
If a staff member or health care worker
requests patient information, establish his or
her authority to do so before disclosing
anything
Keep records that contain patient names and
other identifying information in closed, locked
files
9. Restrict access to electronic databases to
designated staff
Carefully protect computer passwords or keys;
never give them to unauthorized persons
Carefully safeguard computer screens
Keep computers in a locked or restricted area;
physically or electronically lock the hard disk
Keep printouts of electronic information in a
restricted or locked area; printouts that are no
longer needed should be destroyed
10. HIPAA VIOLATION / MINIMUM PENALTY / MAXIMUM PENALTY
Violation: Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
Minimum penalty: $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation)
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
Violation: HIPAA violation due to reasonable cause and not due to willful neglect
Minimum penalty: $1,000 per violation, with an annual maximum of $100,000 for repeat violations
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
Violation: HIPAA violation due to willful neglect but violation is corrected within the required time period
Minimum penalty: $10,000 per violation, with an annual maximum of $250,000 for repeat violations
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
Violation: HIPAA violation is due to willful neglect and is
Minimum penalty: $50,000 per violation, with an annual
Maximum penalty: $50,000 per violation, with an annual
11. Individuals who "knowingly" obtain or disclose
individually identifiable health information in
violation of the Administrative Simplification
Regulations face a fine of up to $50,000, as well as
imprisonment up to one year. Offenses committed
under false pretenses allow penalties to be
increased to a $100,000 fine, with up to five years
in prison. Finally, offenses committed with the
intent to sell, transfer, or use individually
identifiable health information for commercial
advantage, personal gain or malicious harm permit
fines of $250,000, and imprisonment for up to ten
years.
12. Safeguarding the privacy and confidentiality of
student information is the responsibility of
everyone in the division.
Violations can be costly