Protecting Yourself and Others: Patient Confidentiality Issues<br />Knowing the confidentiality requirements of your organization can protect you from making a mistake that could:<br />Cost you your job.<br />Cause your organization to have a HIPAA violation.<br />Embarrass or harm your patient.<br />
Health Information Portability and Accountability Act of 1996<br />HIPAA was implemented in 1996 in an effort to protect patients’ personal health information (Kaiser Permanente, 2011).<br />The federal government defined protected health information, or PHI, as the following (Kaiser Permanente, 2011):<br /><ul><li>Patient’s name, D.O.B., phone numbers, addresses, or emails</li>
<li>Biometric information, including fingerprints, voice prints, and retinal scans</li>
<li>Photographs (including those on a driver’s license or insurance card)</li>
<li>Any number or symbol that identifies a specific patient</li></ul>
Who is violating HIPAA?<br /><ul><li>In 2009, a physician and two other hospital employees pled guilty in federal court for accessing a patient’s records without authorization. All three were fired from their positions (Allnurses.com, 2009).</li>
<li>In May 2007, a UCLA administrative assistant was terminated and indicted for accessing celebrity medical records and selling them to a media outlet (Medlaw.com, 2008).</li>
<li>U.S. Department of Health & Human Services Office for Civil Rights fines Cignet Health $4.3 million for HIPAA violations for denying patients access to their own records (ABC News, 2011).</li>
<li>A Florida nurse was fired for allegedly accessing Tiger Woods’ medical records. The nurse has filed suit against the hospital (Neil, 2011).</li>
<li>Former California health care worker becomes first person in United States to be sentenced to prison for HIPAA violations. He was accused of illegally accessing celebrity records 323 times (Journal of AHIMA, 2010).</li></ul>
What should (and shouldn't) you do?<br />There are many steps an organization can take to protect its patients’ PHI:<br />DOs<br /><ul><li>Limit access to the records to only those who must have it to do their job.</li>
<li>Have private consultation rooms where clinicians can speak with patients.</li>
<li>Maintain Business Associate Agreements with all vendors who need access to patient records.</li>
<li>Have all employees and physicians sign a Confidentiality Agreement.</li>
<li>Have processes in place for electronic communications.</li></ul>DON’Ts<br /><ul><li>Do not leave medical records in unprotected areas.</li>
<li>Do not share patient information with family, friends, and co-workers.</li>
<li>Do not post patient information in public areas.</li>
<li>Do not have phone conversations with patients in areas where you can be overheard.</li>
<li>DO NOT ACCESS ANY RECORD THAT YOU DO NOT NEED TO SEE IN ORDER TO PERFORM YOUR JOB DUTIES!</li></ul>***The above information was obtained from Kaiser Permanente, 2011.<br />
Social Networking in Health Care<br />Social networking has found its way into health care. As with any other technology, it can have a positive or negative connotation depending on how it is used. Many large health care organizations are using social networks such as Facebook and MySpace to reach out to communities and build relations.<br />Remember: Images are protected information. Do not take pictures of your patients or your co-workers and post them to your social page. Also, do not share information about patients’ conditions or treatments. Organizations that utilize social networks must have clearly defined policies for their use and access.<br />
CONCLUSION<br /><ul><li>HIPAA is here to stay. Know your rights and your obligations in order to protect yourself and your patient.</li>
<li>If you are not sure you should be accessing a patient’s information: DON’T.</li>
<li>Always be aware of your surroundings. PHI must be kept in a secure location.</li>
<li>When in doubt, ask someone. It is smarter to ask for permission than to try to explain to the court system why you accessed a patient’s PHI.</li></ul>
REFERENCES<br /><ul><li>ABC New Center. (2011, February 22). Prince George's company gets multi-million dollar fine for HIPAA violation. Retrieved electronically February 23, 2011 from http://www.abc2news.com/dpp/news/state/prince-george's-company-gets-multi-million-dollar-fine-for-hipaa-violation</li>
<li>Allnurses.com. (2009, August 5). Doctor and 2 former hospital employees fired for HIPAA violations. Retrieved electronically February 23, 2011 from http://allnurses.com/nursing-news/doctor-2-former-413531.html</li>
<li>Journal of AHIMA. (2010). Californian sentenced to prison for HIPAA violation. Retrieved electronically February 23, 2011 from http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/</li>
<li>Kaiser Permanente. (2011). What everyone in your practice needs to know: Practical HIPAA. Retrieved electronically February 23, 2011 from http://www.ccalac.org/files/Symposium%20Folders/Symposium%202011/Presentations/Operations/Ops%20-%20Session%203.pdf</li>
<li>Medlaw.com. (2008, May 8). UCLA employee indicted for celebrity privacy violations: Hospital employee sells celebrity medical info to tabloids. Retrieved electronically February 23, 2011 from http://www.medlaw.com/healthlaw/Medical_Records/8_4/ucla-employee-indicted-for-celebrity-privacy-viola.shtml</li>
<li>Neil, M. (2011, January). Accused of peeping into Tiger Woods’ medical records and fired, nurse sues for defamation. Retrieved electronically February 23, 2011 from http://www.abajournal.com/news/article/accused_of_peeping_into_tiger_woods_medical_records_and_fired_nurse_sues_fo/</li></ul>