Training for staff in maintenance of Confidentiality

1. Confidentiality
MHA 690
Health Care Capstone
Anthony RIdley

2. Privacy & Confidentiality
Privacy refers to the right of an individual
to keep his or her health information
private.
Confidentiality refers to the duty of
anyone entrusted with health information
to keep that information private

3. The Health Insurance Portability and Accountability
Act of 1996 (HIPAA) Privacy Rule seeks to protect
individually identifiable health information from uses
and disclosures that may unnecessarily compromise
a person’s privacy. The HIPAA Privacy Rule provides
federal protections for personal health information
held by covered entities, but balances that
protection with permitting the disclosure of personal
health information needed for patient care and other
important purposes.

4. Covered Entities may use/disclose PHI
to carry out essential health care
functions such as in providing
treatment, payment, or other health
care operations.

5. Minimum Necessary: Covered entities
must make reasonable efforts to limit
the use or disclosure of, and requests
for, PHI to minimum amount necessary
to accomplish intended purpose. Very
often a complete medical record and
history is not needed for to determine a
treatment, plan of care, or medical
necessity in utilization.

6. Exceptions to the Minimum Necessary rule:
♦ Disclosures to or requests by providers for
treatment
♦Disclosures to individual
♦Uses/disclosures with an authorization
♦Uses/disclosures required for HIPAA standard
transaction
♦Disclosures to HHS/OCR for enforcement
♦Uses/disclosures required by law

7. Thing s to remember regarding PHI.
-If you do not need to see it, do not look at it.
-Discuss the patient’s condition in a private area and
only with the patient or the responsible party.
-Secure all PHI whether in hardcopy or electronic format
when it leaves your sight.
-Use secure methods of transfer (FTP, fax with
confidentiality statement on cover sheet, password
protected emails, etc).
-Failure to protect PHI that results ina breach and
unintended use may result in disciplinary action such as
suspension, termination, fines and prison time.

8. References
Protected Health Information, Uses and Disclosure, and
Minimum Necessary. (2012) Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/train
ing/udmn.pdf