1. CONFIDENTIALITY & HIPAA
COMPLIANCE TRAINING FOR HEALTHCARE EMPLOYEES
KRISTEN TEREO
MHA 690: HEALTH CARE CAPSTONE
SHERRY GROVER
JULY 19, 2012
2. Confidentiality Practices
o Understanding HIPAA
o Its purpose
o Penalties & Sanctions
o What is HIPAA all about?
o Review of Handbook
o Acknowledgement & Certification
3. Objectives
o State what HIPAA is and what it governs.
o Explain which entities are covered by the HIPAA Privacy Rule.
o Identify who is authorized to see protected health information.
o Describe the penalties that can be imposed for violating HIPAA.
4. What is HIPAA?
Health Information Portability and Accountability Act
o HIPAA governs the privacy rights of patients and the
confidentiality of medical records
o Federal Law
5. The Purpose of HIPAA
o Protect individuals from the adverse effects of improper
disclosure of protected health information.
o Protect against unauthorized and inappropriate use of
protected health information.
o Establish a standard set of provisions that, if followed, provide
evidence that the health care institution properly handled and
disclosed private medical information.
6. Penalties and Sanctions
General Business Practice
Violation
o $100,000 for violations that have
occurred with such frequency as to
constitute a general business
practice.
PLUS
o Civil action may be brought against any
person or entity who violates the law.
7. Civil Penalties
o ANY VIOLATION
$100 for each and every act or violation,
not to exceed $25,000 per person for a
single standard per calendar year
o "KNOWING" VIOLATION
$50,000 - $250,000 in fines, depending
on whether the misuse is under 'false pretenses'
or with intent to sell for personal gain or
malicious harm
8. Criminal Sanctions
Up to 1 year
- Wrongful disclosure
Up to 5 years
- Wrongful disclosure under false
pretenses
Up to 10 years
- Wrongful disclosure under false pretenses,
or knowingly or intentionally selling or transferring
such protected information for commercial
advantage, personal gain, or malicious harm.
9. Individual Rights
o Access - to see and get a copy of one's records.
o Amendment - to request corrections, or a statement of
disagreement when errors are found.
o Accounting - of uses and disclosures of protected health
information (patient may request a list of the entities
to which/whom one's records have been disclosed).
o For especially sensitive information, can request extra
protections and/or confidential communications.
o To complain about, and get resolution of, privacy
problems.
10. Safeguards
o Verbal conversation precautions: Close doors when discussing treatments and
administering procedures.
o Close curtains and speak softly in semi-private rooms when discussing treatments and
administering procedures.
o Avoid discussion about patients in public areas such as elevators and cafeteria lines.
o Do not leave messages on answering machines regarding patient conditions or test
results.
o Avoid paging patients using information that could reveal their health problems.
o Secure storage and transportation of patient information.
o Display precautions (e.g., computer screens displayed away from public access).
o Posted or written patient information (i.e., whiteboards) kept away from public access
areas.
o Log off computers when away from workstation.
o Telephone and facsimile precautions: When giving patient information regarding
condition on the phone, limit responses to basic ones: stable or critical.
11. Resources and Contacts
Supervisor or Manager
Compliance Contacts:
Donna Smith (800) 555-1234
Susan Johnson (800) 555-5678
State Health Compliance line
800-555-6789
12. Resources
o U.S. Department of Health and Human Services. The
Health Insurance Portability and Accountability
Act of 1996 (HIPAA) Privacy and Security Rules.
Retrieved from www.hhs.gov
o Wolper, L.F. (2011). Health care administration:
Managing organized delivery systems (5th ed.).
Sudbury, MA: Jones and Bartlett Publishers.