2. Over 120 health care employees viewed celebrities’ medical records
Medical records were viewed between January 2004 – June 2006
Hospital employees used management passwords to view medical information
Hospital employees received disciplinary action, some including dismissal
4. Refers to WHAT is protected
Information about an individual and the determination of WHO is permitted to use, disclose, or access the information
5. Refers to HOW information is safeguarded
Ensuring privacy by controlling access to information and protecting it from inappropriate disclosure and accidental or intentional destruction or loss (Upstate, 2011).
6. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a set of statutes designed to improve the efficiency and effectiveness of the US health care system:
• Title I: Title I of HIPAA provides rules to "improve the portability and continuity of health insurance coverage" for workers when they change employers.
• Title II: Title II of HIPAA provides rules for controlling health care fraud and abuse, and includes an "Administrative Simplification" section that sets standards for enabling the electronic exchange of health information (University, 2013).
7. The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety (United, 2013).
8. Places limits on how confidential health information can be shared with others.
Establishes patient rights to control the sharing of their health information.
Puts safeguards in place for confidential health information collected, maintained, used, or transmitted in electronic form.
9.
10. Shred all paper containing confidential health information or place in closed receptacles
When faxing, verify the fax number before sending
Close doors or privacy curtains when having discussions of confidential health information
Do not leave medical records unattended or in open areas
Respect the privacy rights of employees who come here for care by affording their information the utmost confidentiality it deserves
Keep confidential health information you hear or see to yourself (Upstate, 2011)
11. Protect your access by not sharing your account and/or password with others
Do not write down or post your password on computer systems
Never leave a workstation signed on and unattended with access to confidential health information
Access information in computer systems only when you have a need to know the information
Never disable or remove the virus detection software
Take measures to protect your computer passwords so that they are not misused
12. Provide HIPAA training to all health care employees
Distribute a hard copy of HIPAA practices
Administer an assessment at the completion of the HIPAA training to evaluate knowledge obtained
Implement monthly or quarterly workshops to stay abreast of HIPAA modifications and/or additions
13. Provide technical training to all health care employees on accessing medical information via computer, PDA, MacBook, tablet, etc.
Assign team leaders of each department to monitor department functions to ensure patient confidentiality and privacy
14. Provide each health care employee with a login and have them formulate a password to which each department team leader will have access, to monitor medical record access and review
Have all health care employees sign confidentiality statements and acknowledgements stating their understanding of HIPAA practices
15.
16. Show interactive modules and videos during HIPAA trainings to encourage health care employee interaction
Questionnaires and surveys given to health care employees as well as patients may assist team leaders and managers in developing department standards and policies in regard to patient confidentiality and privacy.
17. User education concerning virus protection
User education in the importance of monitoring login success/failure, and how to report discrepancies
User education in password management
Education on awareness (Sheidy, 2002).
18. Sheidy, D.P. & McMahon, M.K. (2002). HIPAA and training: Web based strategies for compliance. Retrieved September 26, 2013, from http://www.ehcca.com/presentations/HIPAA/sheidy-tue.pdf
United States Department of Health and Human Services. (2013). Health information privacy. Retrieved September 26, 2013, from http://www.hhs.gov/ocr/privacy/index.html
Upstate Medical Center. (2011). Protecting patient confidentiality and security. Retrieved September 26, 2013, from http://www.upstate.edu/forms/documents/F84037.pdf
19. University Information Technology Services. (2013). What is HIPAA? Retrieved September 26, 2013, from http://kb.iu.edu/data/ayyy.html