Confidentiality: Effective Training for Healthcare Employees
MHA 690 Health Care Capstone
By Jacqueline C Winston
TERMS TO KNOW
First comprehensive federal protection for
privacy and individually identifiable
protected health information (PHI), 1996
Terms to Know
The Health Information Technology for
Economic and Clinical Health (HITECH) Act
is part of the American Recovery and
Reinvestment Act (ARRA) of 2009.
Purpose of HITECH Act
Portions of the HITECH Act are designed
to strengthen HIPAA rules that address
privacy and security matters concerning
electronic transmission of health
information (Cascardo, 2012).
Health and Human Services
Health and Human Services (HHS):
Under ARRA, a healthcare organization
must notify individuals of any security
breach and keep a log of breaches to
submit annually to HHS (Cascardo,
If there is a breach of “unsecured PHI,” a
healthcare organization is required by
law to notify each individual whose PHI
was breached within 60 days of
discovery of breach (Cascardo, 2012).
Any notification of a security breach must
be sent in writing by first-class mail;
email may also be used.
HHS must be notified immediately if the
breach involves more than 500
individuals; media must also be notified.
Review of Policies &
Staff will be trained on appropriate measures
required to review patient files and maintain
confidentiality (Cascardo, 2012).
Staff will be trained with respect to the
reporting of breaches.
Reprimands will be imposed on any staff member
who does not comply with breach notification
Review of Policies and
Procedures will be discussed on how to
file a complaint under the HHS rules.
Individuals are within their rights to file a
complaint under HHS regulations.
All staff will be properly trained in
Cascardo, D. (2012). What to do before the Office for Civil Rights
comes knocking: Part I. The Journal of Medical Practice
Management: MPM, 27(6), 337-40. Retrieved from http://search