This document outlines the importance of privacy and security awareness training for UCLA Hospital employees. Such training educates employees on how to safeguard patients' protected health information in compliance with HIPAA regulations. It describes employees' roles in keeping PHI secure and not sharing it with unauthorized individuals. Examples of potential PHI violations are provided, such as sending PHI to the wrong recipient or discussing patient records publicly. The training recommends employees only access PHI necessary for their jobs and report any suspected threats to PHI. Its goal is to prevent violations and ensure employees understand their legal obligations to protect patient privacy.
1. Privacy and Security Awareness Training
Jessica Quesada
Health Care Capstone, MHA 690
Doctor David Cole
July 24, 2014
2. Privacy and Security Awareness Training
Contents
Employees’ Roles of Keeping Patients’ PHI Secured
HIPAA Privacy Rule
PHI Violations and Breach
Recommendations if PHI is Suspected
Conclusions
3. Privacy and Security Awareness Training
Awareness and training are important keys to educating UCLA Hospital employees on how to safeguard patients’ Protected Health Information (PHI) and reduce the incidence of security breaches in their healthcare organization. It is vital to explain that PHI is information associated with the patient’s health care, such as the patient’s name, address, date of birth, phone number, social security number and medical health records.
4. Privacy and Security Awareness Training
Therefore, all employees who handle sensitive and confidential information should be trained on the policies and procedures for protecting this information, and they should learn their responsibilities to protect the privacy of patients annually.
5. Privacy and Security Awareness Training
Employees’ roles of keeping Patients’ PHI secured
Employees need to understand the importance of the use and disclosure of PHI as it relates to their job, because patient information is confidential. Employees are not allowed to share this information with others, on duty or off duty. In fact, employees are responsible for safeguarding and protecting sensitive and confidential information from unauthorized personnel.
6. Privacy and Security Awareness Training
HIPAA Privacy Rule
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule ensures federal protection for the privacy of patients’ records and health information from covered entities such as health plans, health care providers, and health care clearinghouses.
7. Privacy and Security Awareness Training
HIPAA Privacy Rule
The Privacy Rule standards address the use and disclosure of patients’ PHI by these covered entities and provide strong legal protection to ensure the confidentiality and privacy of electronic protected health records. The HIPAA Privacy Rule ensures that patients’ health information is protected by users while health care services are provided (New York State, 2012).
8. Privacy and Security Awareness Training
PHI violations and Breach Examples
Sometimes, PHI violations might not be identified as incidents that cause significant harm to patients; hence employees need to recognize potential violations of the Privacy Rule and report them immediately. For instance, PHI is sent to the wrong recipient via email, PHI is on lost laptops or flash drives, unauthorized personnel access a patient’s information using a coworker’s password, or a physician discusses a patient’s medical records with others in a public area.
9. Privacy and Security Awareness Training
PHI violations and Breach Examples
Another example is when an outreach letter with sensitive information is sent to the wrong patient, or a patient’s medical records are found in public areas such as a cafeteria or bathroom. If employees violate the privacy and security policies that support the HIPAA regulations, they might face disciplinary action or employment termination (UPMC Horizon, 2012).
10. Privacy and Security Awareness Training
Recommendations if PHI is suspected
Employees need to access PHI only if their job requires it; therefore, employees must report to their supervisors or compliance officer if they observe any potential threats that might compromise PHI.
11. Privacy and Security Awareness Training
Recommendations if PHI is suspected
Employees should never discuss patients’ information with those who have no right to know about it. Another important recommendation is to avoid discussing PHI in public areas and never repeat what is heard. Please keep drawers, desks and doors locked in stations where PHI is found. It is highly recommended that employees protect their passwords and log off if computers will be unattended, because this represents a significant threat to the hospital and patients.
12. Privacy and Security Awareness Training
Conclusion
Privacy and security awareness training can answer many questions and concerns that employees might experience on a daily basis. It is vital to keep employees informed and educated about their legal and ethical obligations and security restrictions in the event of a PHI breach; thus they need to stay aware of any changes that can help them comply with regulations and policies that safeguard PHI. Indeed, different examples were shared to illustrate different situations, which might help prevent employees from violating privacy policies and receiving sanctions that might lead to employment termination.
13. References
Health Insurance Portability and Accountability Act (HIPAA). (2012). New York State. Retrieved from https://www.omh.ny.gov/omhweb/hipaa/
HIPAA Privacy & Security Awareness Training for Students. (2010). UPMC Horizon. Retrieved from http://www.upmc.com/locations/hospitals/horizon/careers/documents/hippa-training.pdf