HIPAA AND PATIENT MEDICAL RECORD CONFIDENTIALITY
Federal civil rights laws and the Health Insurance Portability
and Accountability Act (HIPAA) Privacy Rule together
protect your fundamental rights of nondiscrimination and
health information privacy. Civil rights help to protect you
from unfair treatment or discrimination because of your
race, color, national origin, disability, age, sex (gender), or
religion. Federal laws also provide conscience protections
for health care providers.


The Privacy Rule protects the privacy of your health
information; it says who can look at and receive your health
information, and also gives you specific rights over that
information. In addition, the Patient Safety Act and Rule
establish a voluntary reporting system to enhance the data
available to assess and resolve patient safety and health care
quality issues and provide confidentiality protections for
patient safety concerns.
HEALTH INFORMATION PRIVACY
The Office for Civil Rights enforces the HIPAA Privacy Rule,
  which protects the privacy of individually identifiable
  health information; the HIPAA Security Rule, which sets
  national standards for the security of electronic protected
  health information; and the confidentiality provisions of
  the Patient Safety Rule, which protect identifiable
  information being used to analyze patient safety events
  and improve patient safety.
The Standards for Privacy of Individually Identifiable Health
  Information (“Privacy Rule”) establishes, for the first
  time, a set of national standards for the protection of
  certain health information. The U.S. Department of Health
  and Human Services (“HHS”) issued the Privacy Rule to
  implement the requirement of the Health Insurance
  Portability and Accountability Act of 1996 (“HIPAA”).
THE PRIVACY RULE
Standards address the use and disclosure of
  individuals’ health information (called
  “protected health information”) by organizations
  subject to the Privacy Rule (called “covered
  entities”), as well as standards for individuals'
  privacy rights to understand and control how
  their health information is used. Within
  HHS, the Office for Civil Rights (“OCR”) has
  responsibility for implementing and enforcing
  the Privacy Rule with respect to voluntary
  compliance activities and civil money penalties.
ORGANIZATIONAL POLICIES AND REGULATIONS
•   All staff members should have training at least annually on
    confidentiality, especially when the staff has access to personal
    information; the training should include HIPAA rules and regulations.
    Staff should know that there can be serious ramifications for violating a
    patient’s privacy.
•   All employees who have access to personal information should be
    required to attend the annual training. During the meeting they should
    be given an employee handbook that addresses confidentiality, and the
    employees should sign a copy for their personnel file.
•   Training should include a review of applicable case studies of various
    types of violations of medical record confidentiality and HIPAA
    regulations.
•   Role-playing exercises should be conducted to teach personnel what to
    do in the event they witness violations and misuse of patient records.
•   Training should incorporate real-life examples of potential
    confidentiality violations and how to avoid mistakes.
•   A Privacy Officer should be used to monitor and to make sure that
    security measures are maintained, that all the applicable state and
    federal laws are enforced, and that all organizational policies and
    procedures are followed.
SECURITY MEASURES
• Background checks for all employees
• Limited Access to Records
• Login Authentication
• Monitor Login Frequency
• Maintain Chain-of-Custody
• List of all Personnel Associated with Patient
  Care
• Maintain Attendance Records
• Record Login Dates and Time