1. Privacy and Confidentiality
Training for
Health Care Professionals
Rebecca Kmett
MHA 690 Health Care Capstone
Ashford University
Dr. Sherry Grover
April 4, 2013
2. Issues
Privacy and confidentiality of health information is
of paramount importance
Health information is particularly sensitive
Health workers are on the front lines when it comes
to safeguarding health information
Privacy and confidentiality training often is confined
to a once-a-year training course or reading and
annual signing of a confidentiality agreement
Over time, privacy and confidentiality may not
remain top of mind
3. Proposed Solutions
Make compliance an everyday part of the culture
Set up a compliance hotline so that staff members can anonymously
report privacy or confidentiality breaches
Have a compliance officer or team in place to investigate issues
Use online resources to track which staff members are logged in, only
granting access to those who require access to a record in order to
perform specific job responsibilities
In conjunction with the legal and HR department, create a policy
that allows employees to be suspended pending an investigation of a
potential breach
Perform surprise “spot checks” to uncover potential problems
Have ad hoc meetings to immediately address any near-breaches or
unsatisfactory spot checks and discuss potential remedies
Have leadership participate in online webinars and discussion
forums about compliance and report back to their teams
4. Proposed Solutions
Make training fun and/or memorable:
Create a “healthopoly” game modeled after Monopoly or the
game of Life
Turn training content into game show questions and award
gag gifts to teams that perform the best
Create a “Find the PHI” poster modeled after “Where’s
Waldo?” using a staged photo of the hospital’s registration area
and other vulnerable areas and have employees find all the
potential privacy threats
Demonstrate the devastating impact of a privacy violation by
showing videos of people who have been affected
Show a video of a former health care worker who violated
privacy and confidentiality practices and lost their job for it
5. Sample Game Show Trivia Questions
What is PHI?
Professional Health Inquiry
Protected Health Information
Private Hospital Intelligence
After the passage of the HITECH Act, what is the
maximum fine for a breach of patient privacy? (NYU
Langone Medical Center, 2011)
$250,000
$550,ooo
$1.5 million
Any hospital employee can access a patient’s records.
True
False
6. Sample Game Show Trivia Questions
What constitutes a privacy breach?
Telling a friend or family member about a patient’s case
Accessing a medical record even though it isn’t necessary to perform your job
duties
Talking about a patient’s case within earshot of other patients
All of the above
What is the right thing to do if you suspect that a privacy violation
has occurred?
Call the Compliance Hotline
Talk to a supervisor
Share your concerns with the patient
The first two answers are correct
If an employee violates a patient’s privacy and it was just an
accident, the hospital cannot be fined.
True
False
7. Sample Game Show Trivia Questions
What could be stolen and used to inappropriately gain
access to patient records?
Thumb drive
Laptop
iPad
Printed documents
Login and password
Employee ID badge
All of the above
This hospital has never had a HIPAA privacy violation.
True
False
8. Sample Game Show Trivia Questions
What is HIPAA? (DHS, 2013)
Health Insurance Protection and Affordability Act
Human Interaction Police Advisory Act
Health Insurance Portability and Accountability Act
High Involvement Patient Autonomy Act
Why do people violate privacy?
They do something without thinking
They don’t think they will get caught
They think it won’t hurt anyone
For financial gain
Any of the above
9. Sample Game Show Trivia Questions
High-profile public figures (celebrities, athletes) do not
have a right to privacy, and so you cannot commit a
HIPAA privacy violation by sharing their medical
information.
True
False
These are potential consequences for employees who
commit a privacy breach.
Fines
Criminal sentencing
Disciplinary action
Loss of employment
All of the above
10. Why Gamification Works
in Organizational Learning
“Where processes are the point, gamification is
probably the ideal, cost-effective means of providing
rules-based learning systems” (St. John-Brooks,
2011)
Games are engaging, interactive and fun
When learners make an emotional connection with
the material, they are more likely to remember it
“It was distressing how the public disclosure of that boy’s HIV
status caused him to be alienated.”
“That was so much fun when our team won that trivia game.”
“I was shocked by how much the hospital could get fined for a
privacy breach.”
11. References
NYU Langone Medical Center. (2011, May 3). HIPAA
Security: Harsh Fines, Penalties Are a Wake-up
Call to Us All. Retrieved April 4, 2013 from
http://compliance.med.nyu.edu/news/documen ting-
inpatient-admissions
St John-Brooks, I. (2011). What gamification can do to enhance
training. Benefits & Compensation International, 41(3),
28. Retrieved from
http://search.proquest.com/docview/901856212?
accountid=32521
U.S. Department of Health and Human Services.
(2013). Health Information Privacy. Retrieved April 4,
2013 from http://www.hhs.gov/ocr/privacy/