This document discusses the importance of patient confidentiality and compliance with laws like HIPAA. It outlines that patient medical information should only be accessible to authorized medical professionals and disclosed only with patient consent. Hospitals must implement training, safeguards, and role-based access controls to ensure only approved staff can access and handle protected health information. Any breach of patient confidentiality, even if unintended, should result in disciplinary action to maintain patient trust in the healthcare system.

1. Confidentiality
MHA690: Health Care Capstone
Ryan L. Ulibarri
9-26-2013
Report: Over 120 UCLA hospital staff saw celebrity health records (2008)

2. Introduction
Patient Confidentiality
Importance of Patient
Confidentiality
HIPAA
 Maintaining
Confidentiality
Display Actions
Conclusion
 In recent years, other
laws, especially the
Health Insurance
Portability and
Accountability Act
(HIPAA), have had
serious impact on the
administration of these
plans by, among other
things, implementing
privacy and related
requirements with
respect to personal
health information of
plan participants.
(Wolper 2011, p. 268)

3. Patient Confidentiality
 AMA's Code of Medical Ethics states that the information disclosed to a physician during the
course of the patient-physician relationship is confidential to the utmost degree.
 The legal basis for imposing liability for a breach of confidentiality is more extensive than
ethical guidelines, which dictate the morally right thing to do.
 This agreement allows the patient to feel free and easy no confidential medical information
will be disclosed or looked at without the patients express consent unless required to
disclose the information by law.
 A breach of confidentiality is a disclosure to a third party, without patient consent or court
order, of private information that the physician has learned within the patient-physician
relationship.
 Physicians should set up office procedures to prevent the release of medical records without
a copy of the patient's release.
 Do not release patients medical records to any 3rd parties in any case unless the patient has
the proper documents allowing to do that, this will can otherwise lead to breach of
confidentiality.
 Any breach in confidentiality—even one that seems minor—can result in mistrust and,
possibly, a lawsuit and/or disciplinary action.
Patient Confidentiality. (“n.d.”). Retrieved September 25, 2013, from http://www.ama-assn.org/ama/pub/physician-
resources/legal-topics/patient-physician-relationship-topics/patient-confidentiality.page

4. Importance of Confidentiality
Physicians have always had a duty to keep their
patients' medical records Confidential.
Physicians, Nurses, and office personal should
inform patients of the limits of confidentiality
protections and allow the patients to decide
whether treatment outweighs the risk of the
disclosure of sensitive information.
Protecting patients personal information needs to
be a mission to hospitals and all its staff to
provide the best patient experiences possible.

5. HIPAA
Health Insurance Portability and Accountability Act
Passed in 1996 by Congress
 The HIPAA Privacy regulations require health care providers and
organizations, as well as their business associates, develop and follow
procedures that ensure the confidentiality and security of protected
health information (PHI) when it is transferred, received, handled, or
shared.
 Mandates industry-wide standards for health care information on
electronic billing and other processes.
 Requires the protection and confidential handling of protected health
information.
 All personal who handles patient records of any kind need to be educated
on HIPPA compliances.
 HIPPA requirements are enforced by the Office for Civil Rights, an agency
within the US Department of Health and Human Services.
Health Insurance Portability and Accountability Act. (2013). Retrieved September 24, 2013, from
http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%20WhatisHIPAA.aspx

6. Maintaining Confidentiality
Protection of Individually Identifiable Health Information (PHI)
 All information contained in patient medical and billing records is
confidential regardless of format; print, audio, electronic display or
storage.
 Hospitals need to inform patients of the current laws regarding Privacy
Practices.
 Violation of patient information and confidentiality standards, whether
intentional or unintentional, will be subject to disciplinary actions.
 All employees shall receive information and training concerning the
standards for Confidentiality of Patient Information and HIPAA in annual
mandatory education training.
 Healthcare organizations need to implement role-based access control
measures and processes for ensuring compliance measures within their
organizations to not allow medical records to be viewed by non authorized
personnel.

7. Maintaining Confidentiality
Continued
Safeguards
 Make sure you log off computer when leaving your area.
 Dispose paper in proper confidential bins to throw away.
 Position computer screens so patient information is not
visible to passerby
 Locate printers and fax machines in secure areas.
 Never take home patient information home unless it is
approved.
 Do not discuss a patients medical history to other
employees.
 A key thing to remember, patients need to feel confident
their medical records are confidential – ‘they trust you’.

8. Display Actions
 All personnel members need to trained on the Privacy and
Security Polices and Procedures to the level appropriate for
their job responsibilities and training must be documented.
 All new hires need to be provided training during their hiring
and orientation process.
 All employees need to sign a Confidentiality Agreement which
will be stored in their company Human Resource Department.
 All employees shall receive information and training
concerning the standards for Confidentiality of Patient
Information and HIPAA in annual mandatory education
training.
 All employees shall receive information and training
concerning the standards for Confidentiality of Patient
Information and HIPAA in annual mandatory education
training.

9. Conclusion
A breach of patient confidential information, whether
intentional or unintentional needs to be subject to
disciplinary actions. UCLA like so many health care
organizations have little real information on the number of
people within their organizations that have access to
electronic medical records, and even less information on
those who might have actually accessed those records.
This is a major problem and the case against UCLA
personnel in 2008 created organizations to implement
role-based access control measures and processes for
ensuring compliance to maintaining confidentiality of
patient information. As shared by Wolper (2011), “In
general, the Privacy Rule comprises five key principles: (1)
consumer control, (2) the setting of boundaries, (3)
accountability, (4) public responsibility, and (5) security’ (p.
390).

10. References
Health Insurance Portability and Accountability Act. (2013).
Retrieved September 24, 2013, from
http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%
20WhatisHIPAA.aspx
Patient Confidentiality. (“n.d.”). Retrieved September 25, 2013,
from http://www.ama-assn.org/ama/pub/physician-
resources/legal-topics/patient-physician-relationship-
topics/patient-confidentiality.page
Wolper, L.F. (2011). Health care administration: Managing
organized delivery systems (5th ed.). Sudbury, MA: Jones and
Bartlett Publishers