The document discusses a breach of patient confidentiality at UCLA Medical Center where employees illegally accessed and viewed patient health records between 2004 and 2006. As a result, the hospital failed to properly train staff on HIPAA guidelines to protect patient privacy. Going forward, the hospital needs to implement new training protocols for all current and new staff on HIPAA regulations to prevent similar violations and ensure patient information remains private.

1. MAINTAINING PATIENT CONFIDENTIALITY
ARTHURINE CANNON
MHA:690
August 21, 2014

2. BREACH OF CONFIDENTIALITY AT UCLA BY ITS
EMPLOYEES
A fox news reported he California Department of Public Health
released a statement stating that their employees illegally viewed
patient health records between January of 2004 and June of 2006
(www.foxnews.com). The blame fell on the hospital administrators
for not taking the necessary steps to ensure the type of activity does
not occur by their training staff. Since this is a problem with current
staff a new training protocol needed to be implemented to train all
staff on HIPAA guidelines in order to protect the privacy of its
patients. And the new hires will also be required to go through the
HIPPA training on how to protect patient information. As this
information must be a top priority for all healthcare organizations.

3. HIPAA
 The Health Insurance Portability and
Accountability Act of 1996 That requires
healthcare providers promise to maintain
privacy, confidentiality and security of the
health information and every person entering
their establishments. This is the patients right.
In the case of the UCLA Medical Center their
confidentiality rights were violated by the
people they trusted.

4. HIPAA VIOLATIONS
 American Recovery and Reinvestment Act of
2009 established Penalty structure and
Penalties Range $100 – $1.5 million; Prison
Time: 1-10 Years (American Medical
Association, 2013).

5. GUIDELINES HIPPA
 Limit access to patient information to authorized personnel only.
 Ensure that institutional policies and practices with respect to
patient confidentiality, security and release if information are
consistent with regulations and laws.
 Educate healthcare personnel on confidentiality and data security
requirements, take steps to ensure all healthcare personnel are
aware of and understand their responsibilities to keep patient
information confident and secure and impose sanctions for
violations.
 Implement technical and administrative safeguards to protect
medical record files and computerized data against unauthorized
use, access and disclosure and ensure data confidentiality, integrity
and availability.
 Conduct risk assessment and audits periodically (www.ache.org).

6. POLICY POSITION
 The American College of Healthcare Executives
believes that in addition to following all applicable
state laws and HIPAA, healthcare executives have a
moral and professional obligation to respect to respect
confidentiality and protect the security of patients’
medical records. As patient advocates, executives must
ensure their organization obtains proper authorization
to release information or carefully follow defined
policies and applicable laws in those cases for which
the release of information without consent is indicated
(ache.org).

7. CONCLUSION
 A healthcare facility manager should provide
training to its employees on the violations of
patient confidentiality. Training sessions on
patient confidentiality and the consequences of
these actions if breeched with emphasis on
HIPPA. The training session needs to be
annually and mandatory.

8. REFERENCES
 www.ache.org/policy.hiconf/cfm
 American Medical Association. 2013. HIPPA Violation
and Enforcement. Retrieved from www.ama-assn.
org//ama/pub/physician-resources/solutions-managing-
your-practice/coding-billing-insurance-affortability-
accountabality-act/hipaa-violation-enforcement.
pag
 Report: Over 120 UCLA Hospital Staff Saw Celebrity
Health Records (2008, August). Associated Press.
Retrieved from www.foxnews.com