This document discusses patient confidentiality and the requirements under HIPAA for protecting patient health information (PHI). It outlines the hospital's confidentiality policy, including only accessing PHI when needed for work and not sharing login credentials. Any unauthorized access or disclosure of PHI is considered a breach of confidentiality. The hospital audits system access and monitors for policy violations, which must be reported. Employees will be terminated for unauthorized PHI access.

1. Patient Health
Information
(PHI) must not
be improperly
disclosed.
Say no to
unauthorized
requests for
PHI.
Make sure
those passing
by don't see
PHI.

2. Patient Confidentiality 101
Health Insurance Portability and Accountability
Act (HIPAA) Basics
Why is Confidentiality Important?
Hospital’s Confidentiality Policy
What is a Breach of Confidentiality?
Audits and Monitoring Process
Reporting Violations
Disciplinary Actions

3. HIPAA Basics
 The Health Insurance Portability and Accountability Act (HIPAA) of
1996 (Public Law 104-191) was designed to protect the
privacy, confidentiality, and security of patient information.
 HIPAA standards are applicable to all health information in all of its
formats (e.g., electronic, paper, verbal). It applies to both electronically
maintained and transmitted information.
 HIPAA privacy standards include restrictions on access to individually
identifiable health information and the use and disclosure of that
information, as well as requirements for administrative activities such
as training, compliance, and enforcement of HIPAA mandates.
(Pozgar, 2012).

4. Why is confidentiality
important
 Confidentiality safeguards information that is gathered in the context of
an intimate relationship.
 It addresses the issue of how to keep information exchanged from being
disclosed to third parties.
 For example, confidentiality prevents physicians from disclosing
information shared with them by a patient in the course of a physician–
patient relationship.
 Any unauthorized or inadvertent disclosures of data gained as part of an
intimate relationship are breaches of confidentiality.
(Nass, Levit & Gostin, 2009).

5.  Adhere to hospital’s policies on confidentiality privacy, at all times.
 Access patient information only when information is required to
perform your work.
 Do not share or discuss patient information, unless it is necessary to
perform your work.
 Don’t ever share your identification number or password with anyone.
 Log off your computer session when you are not by your workstation.
 Ensure confidentiality when handling protected healthcare
information.
 All hospital employees will review the Privacy of Health Information
(PDF) Booklet located in the hospital’s portal; complete the quiz at
the end of booklet, and print certificate for inclusion in employee’s
personal record.
 All hospital employees will review, sign and return the Confidentiality
Form (PDF), located in the hospital portal.
Hospital’s Confidentiality poliCy
(Confidentiality and Privacy of Patient Information, n.d.).

6.  A breach of confidentiality occurs when a disclosure is
made to third party, without patient consent or court
order, of private patient information that the physician has
learned within the patient-physician relationship.
 Disclosures can be oral or written, by telephone or fax, or
electronically.
 For example, via e-mail or health information networks.
The medium is irrelevant, although special security
requirements may apply to the electronic transfer of
information.
What is a breach of
confidentiality?
Patient Confidentiality, (n.d.).

7. AUDITS & MONITORING process
 The hospital’s computer systems records all of your
system activities.
 The information you view and access using your account
leaves a digital trail of information, which includes where
you go and what you do.
 The system audits and monitors access to confidential
patient information on a regular basis; only access
information required to perform your job.
 All employees will be held accountable for unauthorized
access to confidential information.
(Protecting Patient Confidentiality and Security, 2011).

8. Reporting violations
 If you witness or suspect a confidentiality violation of a patient’s health
information, you must report it immediately to your supervisor.
 Other reporting means include:
 Hospital’s privacy office (email: vcsvs@hospital.edu or call 667-6726).
 Hospital’s Security office (email: lalks@hospital.edu or call 667-7363).
 Hospital’s Quality Assurance( email: qual@hospital.edu or call 667-
8272.
 You may also report violations anonymously, via the hospital’s Hotline,
 at 677-4444).
 REMEMBER: Reporting is everyone’s responsibility!
(Protecting Patient Confidentiality and Security, 2011).

9. Disciplinary actions
Unauthorized Access
equals
Termination of employment

10. References
Confidentiality and Privacy of Patient Information. (n.d.). Medical College of Wisconsin. Retrieved 2013, from
http://www.mcw.edu/GME/AR/ConfidentialityandPrivacyofPatientInformation.htm.
Patient Confidentiality. (n.d.). American Medical Association. Retrieved 2013, from http://www.ama-
assn.org//ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/patient-
confidentiality.page.
Pozgar, G. D. (2012). Legal aspects of health care administration (11th ed.). Sudbury, MA: Jones & Bartlett Learning.
Protecting Patient Confidentiality and Security. (2011). Upstate Medical University. Retrieved 2013, from
http://www.upstate.edu/forms/documents/F84037.pdf
Nass, S. J., Levit, L. A., & Gostin, L. O. (2009). Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health
Through Research. National Center for Biotechnology Information. Retrieved 2013, from
http://www.ncbi.nlm.nih.gov/books/NBK9579/.