2. Introduction
For decades, the confidentiality of health information has been a
controversial public policy issue because health information today is
generally stored on computer systems that can be readily accessed through
internet websites. In today’s world of technology, computer hackers gain
access to personal information, which can then be used to gain access to
any form of information possible. To help safeguard electronic health
records (EHRs) from being stolen, organizations should install a firewall
in their systems that blocks access and warns the organization when an
attempt has been made to access information (Kongstvedt, 2007, p. 5).
The purpose of today’s training section is to explain what HIPAA stands for,
its importance within the workplace and the involvement of the Joint
Commission. I will further explain how to avoid confidentiality dilemmas
and provide some suggestions as to how this training will be effective for
employees.
3. Health Insurance Portability & Accountability Act (HIPAA)
Privacy Rule of 1996
Restricts access to personal health information (PHI)
Covered entities
Importance in the workplace
4. Joint Commission
Adopted HIPAA definition of health care information
What this information contains
6. Effective training
Establish policies and procedures
Hold everyone accountable
Educating staff
7. References
Confidentiality of worker health information. (2013). Workplace Health & Safety, 61(9), 376-378. doi:http://dx.doi.org/10.3928/21650799-20130827-52
Kongstvedt, P. R. (2007). Essentials of Managed Health Care (5th ed.). Jones & Bartlett Learning.
Editor's Notes
The Health Insurance Portability & Accountability Act (HIPAA) was passed in 1996 as Public Law 104-191, which holds health care providers accountable for maintaining the confidentiality of patient health information. The HIPAA Privacy Rule was established to protect patients’ health information from being transmitted electronically except when care is provided or to file medical claims. This rule was issued by the U.S. Department of Health and Human Services as a requirement under HIPAA, and it addresses the use and disclosure of individuals’ health information by covered entities (organizations) (U.S. Department of Health and Human Services, 2014). It restricts access to health information only if the health care provider generating or maintaining the information is a covered entity under the rule.
A covered entity is any organization that is directly affected by the laws of HIPAA, such as health plans, providers, and any organization or business associate directly involved in the care of the patient. It is important that such entities comply with the laws governed under HIPAA because compliance protects them from major lawsuits that hold them accountable for safeguarding patients’ personal information from being stolen.
The Joint Commission adopted the definition of health care information as defined by HIPAA and uses it under what is known as personal health information (PHI). This information provides detailed personal information such as demographics, medical history, insurance data and other vital information necessary to diagnose and treat medical concerns. The National Information Technology, by contrast, uses identifiable information that is patient specific through the individual’s health records obtained at the time of service, according to the PHI.
Covered entities can avoid being non-compliant by educating their employees on the importance of safeguarding patients’ personal health information. This can be done during the orientation phase of employment and by implementing an annual recertification module to remain compliant with the educational aspects of HIPAA according to state laws.
Organizations must establish policies and procedures related to EHRs and implement them organization-wide (Confidentiality of worker health information, 2013, p. 378). Patient information is illegally being shared among coworkers and in some cases overheard by visitors, which creates a legal issue for the organization. This type of problem can be eliminated by re-educating the staff on the importance of sharing patient information only with individuals who are directly involved in the patient’s care, and only in a private or confidential location.