Patient confidentiality



  1. Respecting Privacy Laws and Patient Confidentiality. Excellence in Action
  2. Objectives of this Presentation
     • To explain the HIPAA Law and its background, including:
       • What information is protected
       • Who is required to follow HIPAA Laws
       • Consequences for violating patient privacy
       • Examples of HIPAA violations
       • How to remain in compliance with the laws
       • Reporting breaches of privacy
     • To provide scenarios for deeper understanding of the law
  3. Introduction to the HIPAA Privacy Laws
  4. HIPAA: The Health Insurance Portability and Accountability Act
     • HIPAA protects:
       • Security and privacy of all medical records
       • Health information used or shared in any form
       • Patients’ rights
         • Gives patients access to their information and control over its use
     • What is at stake:
       • Privacy of care
       • Security of personal health information (PHI) to avoid medical identity theft
       • Electronic health records
       • Computerized physician orders
  5. HIPAA Protects Personal Health Information (PHI)
     • PHI is information that relates to:
       • Patients’ health
       • Care provided to patients
       • Payment for care provided
       • Information that can be used to identify the patient
         • Name
         • Address
         • Birthday
         • Social security number
         • Medical record number
     • PHI is protected in every form
       • Spoken
       • Electronic
       • Written
     • Any PHI must be kept confidential unless authorized by the patient or someone acting on patient’s behalf
       • Unless permitted by HIPAA
  6. Covered Entities: Entities required by law to follow HIPAA rules
     • Facilities that provide or bill for medical care and services
       • Hospitals
       • Nursing (long-term or geriatric) facilities
       • Physician offices
     • Organizations that pay for care or process care financial and administrative information
       • Insurance/claims/billing companies
       • Health care clearing houses
     • Associates and administrators working for these organizations
  7. Consequences for Violating HIPAA Rules
     • Termination
     • Suspension
     • Criminal penalties
       • $50,000-$1.5 million fines
       • Up to 10 years of imprisonment
     • Civil penalties
       • Fines ranging from $100-$25,000 per violation
       • More fines for multiple-year violations
  8. Examples of HIPAA Violations
     • Insurance Companies
       • Insurance companies need to access PHI to process claims
       • Sharing this information with a patient’s employer would be a violation of HIPAA regulations
       • Employers do not need to know patients’ PHI
     • Laboratory Technicians
       • Physicians and nurses need full access to patients’ health records to provide care
       • Lab technicians only need to perform tests the physicians ordered
       • Looking into the patients’ PHI would violate HIPAA rules
  9. Examples of HIPAA Violations
     • Physicians and Nurses
       • Using their position to access records they do not need to do their job
         • Accessing coworkers’ records
         • Accessing records of celebrities
         • Accessing PHI of family members they are not treating
       • Accessing records for personal gain
         • To gossip
         • Curiosity
     • Everyone wants medical privacy
  10. Scenario 1: The Intern
     • Anna is an intern at the University of Idaho’s Pain Clinic. She does not have access to medical information but sees patients and hears about their medical conditions. Can she discuss these patients with her coworkers, friends, or family?
     • To follow the HIPAA privacy rules, Anna cannot discuss any patient information with anyone unless it is required for her job.
     • However, Anna can talk with others about the patients if she omits information that personally identifies the patients.
  11. Scenario 2: The Celebrity
     • Chris, a nurse in Overlake Hospital’s Emergency Department, just saw Oprah Winfrey enter the hospital with intense abdominal pain. He wants to check on the celebrity so he can tell his friends why she was admitted. Can Chris ask his friend Sandy (in admitting) to look up Oprah’s room number?
     • Under HIPAA, checking on Oprah would be a breach of privacy. Knowledge of Oprah’s medical condition is not required for Chris to perform his job duties, and he is only interested in her condition for personal gain.
     • How would Chris feel if everyone gossiped about his abdominal pain?
  12. Respecting Patient Privacy
     • To remain in compliance with HIPAA laws:
       • Healthcare providers should give patients a Notice of Privacy Practices (NOPP)
         • Illustrates how the care provider will use the patients’ PHI
         • Tells patients their privacy rights
         • Allows PHI to be used for treatment, payment, and operations
       • Covered entities must only access the minimum amount of PHI necessary to perform their job duties
  13. Respecting Patient Privacy
     • Ways to protect PHI include:
       • Being aware of your surroundings when talking about PHI
       • Leaving telephone messages that include no PHI
       • Ask yourself, “What if people were discussing my PHI like this?”
       • Check work areas to ensure no PHI is left unattended
       • Seal envelopes very well before sending
       • Dispose of PHI in secured bins for destruction
       • On the computer
         • Use (and regularly reset) passwords
         • Do not leave computer unattended
  14. Examples of Privacy Breaches
     • Talking too loudly in public areas
     • Emails or faxes sent to the wrong person, address, or phone number
     • Failure to log off of computers (allowing others to access database)
     • Loss, theft, or improper disposal of items containing PHI
       • Paper, mail
       • Films, charts
       • CDs, flash drives
     • Unprotected computer systems being hacked into
  15. HIPAA Breaches Nationwide
  16. Reporting HIPAA Violations
     • Report Immediately
       • Report to your direct supervisor:
         • Stolen or missing devices containing PHI
         • Suspicious behavior
       • State laws require that privacy breach incidents be reported to the state’s Department of Public Health within a few days
     • No Retaliation for Reporting
       • Under HIPAA, covered entities cannot retaliate against employees for reporting privacy breaches
  17. Resources
     • HBVideocast. (n.d.). “Health Information Privacy”. Retrieved August 2, 2013 from
     • The Regents of University of California. (2011). “HIPAA 101: Privacy and Security Training”. Retrieved August 2, 2013 from raining.pdf.
     • U.S. Department of Health and Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved August 2, 2013 from ummary/.