PRIVACY AND CONFIDENTIALITY
MHA690: HEALTH CARE CAPSTONE
PROFESSOR HWANG-JI LU
SEPTEMBER 26, 2013
When it comes to health care, providing patient-centered and quality
care is the number one goal. Many factors are involved in this
process, and patient privacy and confidentiality are prominent among
them. In the era of new technology and electronic medical records (EMR)
systems, health care professionals and all staff must actively practice
the obligation to keep patient health information private. All staff
members are to ensure the integrity and confidentiality of patient
information. Why is this important?
• Protects individuals from discriminatory or wrongful use of their
protected health information (PHI)
• Protects against any reasonably anticipated threats or hazards to
the security of the information
• Protects against unauthorized use or disclosure of the information
• PHI is health information that is recorded, stored, retrieved
and processed for medical decision-making purposes.
• It is important to understand that PHI must be protected
not only from outsiders; patient information must also be
protected from individuals who have no direct care role (whether
clinical or administrative) with the patient.
• With EMRs, all activity by users is monitored and an audit
trail is readily available to keep track of who is accessing
any given patient’s medical records.
Patient information is easy to access
through EMR. This can be deceiving to
employees: if you have the access, why
can’t you use it to access any patient
chart? This is where patient privacy
comes into question.
NO EMPLOYEE CAN ACCESS A
PATIENT’S CHART THAT HE/SHE IS
NOT DIRECTLY WORKING WITH.
• The designation of a privacy
• Privacy training for all employees
• Reasonable safeguards to prevent
intentional or incidental disclosure
or misuse of protected health
• Formal sanctions for employee
violations of any privacy rule
If an employee shares information
pertaining to a patient with anyone who is
not involved in the care of the patient, this
is considered a violation of patient privacy
Keep in mind that there are consequences
and disciplinary actions if a patient’s
privacy is breached. These include:
Termination of employment
APPROPRIATE POLICIES, PROCEDURES,
• HIPAA is the acronym for the Health Insurance Portability and Accountability Act of
1996. HIPAA is one of the most significant aspects of Federal legislation affecting the
health care industry since the creation of the Medicare and Medicaid programs in
1965. Under Title II of HIPAA, Congress passed the Administrative Simplification
provisions to protect the privacy and security of protected health
information (PHI), and to promote efficiency in the health care industry through the
use of standardized electronic transactions. The main stimulus behind these rules is
to protect the confidentiality, integrity, and availability of PHI in any form: written,
verbal, or electronic.
• The Privacy rule protects individuals from discriminatory or wrongful use of their
protected health information (PHI). An example of discriminatory or wrongful use is:
• Nosy neighbors, family members or reporters using PHI for any number of
unnecessary or exploitive purposes
WAYS TO KEEP PATIENT INFORMATION
• Using lowered voices at the reception, registration or any other
common area so PHI cannot be overheard
• Setting up curtains or temporary wall dividers to create semi-
private spaces in common areas for discussion
• Not mentioning names when taking a phone call from another
physician in the presence of another patient
• Dictating notes in a private location such as an office rather
than in a hall or other common area
• Properly disposing of paper records containing PHI (such as
patient name, results, treatment plans, medical history) if they
are not maintained in the paper medical record
• We place the highest priority on a patient’s right to privacy. We
are committed to providing patients and their families with
exceptional care and forming a relationship that is built on trust.
This means that we respect a patient’s right to privacy and will
endeavor to protect the confidentiality of all health information,
whether this information is stored on paper or electronically. If
you are uncertain of what a potential privacy breach is, talk to
your supervisor or manager.
IF YOU DON’T KNOW, ASK!
• A slideshow with pictures and pertinent, overall information about what patient health
information is and how their privacy is important will provide a background for
understanding how imperative patient privacy and confidentiality is.
• This will help because it is in an order where each component is addressed separately
while always tying back to the importance of accessing patient information with discretion.
• Staff reading this will be able to understand what privacy is, how HIPAA applies, and how
EMRs must be navigated with caution.
• Understanding how much information EMRs hold and how easy it is for any staff member
to access PHI enables staff to take responsibility if patient privacy and confidentiality are
breached. Consequences are demanded if there is a breach.