Over 120 UCLA Hospital Staff Saw Celebrity Health Records article, what training could you as a manager, put into place to avoid this situation? Present training idea using Web 2.0 tools. How can this training on confidentiality be effective for the employees?

1. After reading this article, there are many options that could be done to help prevent
situations like this from occurring. It is very important to keep patients’ personal health
information and medical records confidential. This is one of the most important aspects that a
patient wants and needs in their care; to know that their information will not be shared or viewed
by those who do not need to know the information to care for them.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has a main
goal to assure that an individuals’ personal health information is properly protected, but still
allows for the needed information to be shared to provide quality health care and protect that
person’s health and well-being (“Health Information Policy”, n.d.). The first training
implementation that I would apply as a manager to avoid situations where personal health
information is viewed when it should not be is to give all employees a copy of the HIPAA
standards and requirements. This will state what is expected of them regarding their patients’
health information, when they can and should gain access to it, and when they should not. They
will be required, upon employment and every year thereafter, to sign a contract stating that they
understand these requirements and will follow them. This contract will also state any and all
possible disciplinary action and punishments that could take place against them if they were to
not comply with them or break the contract.
Employees will be required to review these contracts and resign them every year to
remind them that it is not okay for them to share information or view information of any patient
that they are not in direct care with. Once that is done, I would implement extra security
measures on the computer systems. In order to gain access to a patient’s personal health
information or medical records, the employee would be required to scan their identification
badge, which would be encrypted with their information and level of clearance and access, in
order to gain entry to view the information. By doing this, the hospital or health care
organization will have detailed records and will be able to view who has been gaining access to
patient records to determine whether or not they should be accessing these files or are doing so
without legitimate medical reasoning.
Finally, training on confidentiality will be effective for employees. They will be required
to, twice a year, attend a seminar in which they will be given a refresher course on HIPAA
standards and policies. Through this course, a good tool would be to have them take quizzes or
test them with different scenarios regarding what to do in an example situation. They will be
asked whether or not they should gain access to the patient’s information or whether they should
not. During this course, they will also be reminded that if they have any doubt or are questioning
whether or not this is okay, they can call a department in the hospital to ask a question about
whether the information should be accessed by them, someone else, or shared with someone
regarding a patient’s care.
References

2. Health Information Policy. (n.d.). U.S. Department of Health & Human Services. Retrieved
from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/.