This document discusses patient health information (PHI) and the importance of protecting it. PHI includes names, medical records, social security numbers, and any other identifiable health data. The HIPAA Privacy Rule was enacted in 2003 to protect PHI and sets regulations for covered entities like healthcare organizations. Some key aspects of the Privacy Rule are that it covers paper, electronic, and verbal PHI and restricts unauthorized access. Violations can result in fines or criminal charges. An example is provided of over 120 UCLA hospital employees improperly accessing celebrity medical records between 2004-2006. Confidentiality training is effective for educating staff on protecting PHI and consequences of breaches.

1. PATIENT
HEALTH
INFORMATION
• ALETHA RATCLIFF
• MHA 690 HEALTH CARE CAPSTONE
• HWANGJI LU
• APRIL 23, 2020

2. WHAT IS PATIENT INFORMATION?
• Patient information is also called personal
health information (PHI).
• What is (PHI)?
Personal health information has been
defined as any healthcare information
pertaining to their health status, payments for
healthcare, or health provision pertaining to or
collected by a covered entity.

3. WHAT CAN BE CONSIDERED AS PHI?
• Patient names
• Patient hospitalization days
• Patient phone numbers
• Patient email addresses
• Patient social security
numbers
• Medical record numbers
• Account numbers
• Pictures of patients
• Any other unique
identifiers

4. WHY IS PROTECTING PHI IMPORTANT?
• Protect the patient’s dignity
• To protect the healthcare organization’s
integrity
• This information may
• Personal autonomy
• Respect
• A patient’s medical records includes the
most intimate details about a person’s life.
• HIPAA fines and incarceration
• Privacy Rule

5. PRIVACY
RULE
• In April 2003, requirements of the HIPAA
Privacy Rule was enacted. The HIPAA Privacy
Rule covers personal health information PHI.
Personal health information is information that
is maintained, transmitted, created, or received
by a healthcare organization or a covered
entity.
• These privacy rules protect all categories of
protected health information [PHI], these
include paper, electronic, and verbal
information (Vanderpool, 2019). This type of
information easily identifies the individual
connected to the information and details the
individual's mental or physical health,
payments associated with care, and the
provision of healthcare (Wager, Lee, Glaser,
2017).

6. PRIVACY RULE (CONT’D)
• On the other hand, the HIPAA security rule secures personal health
information that is electronically maintained or transmitted. This rule
applies to all electronic media, to include, personal computers,
servers, magnetic tapes and discs, and optical disks.
• If these HIPAA regulations are violated in the resolution agreement is
not a here too, the Health Care Organization Can Face Money
penalties for not complying. Resolution agreement often, already
include payments of resolution amounts.

7. HIPAA
VIOLATION
S
HIPAA violations include:
• Unauthorized disclosure of patient
information
• Using another employee’s
credentials to view unauthorized
patient information
• Mishandling PHI
• Text messaging PHI
• Unauthorized releases of PHI
• Unmonitored PHI logs
• Failure to report HIPAA complaints
• Failure to conduct risk analyses
• Theft of patient records
• Improperly disposing PHI
• Failure to give patients access to
their PHI
• Sharing a patient PHI on social

8. EXAMPLE OF A
BREACH OF
CONFIDENTIALI
TY
(UCLA HOSPITAL
STAFF
MEMBERS)
A report from the California Department of Public Health
stated that “More than 120 workers at a Los Angeles hospital
looked at celebrities' medical records and other personal
information without permission between January 2004 and
June 2006” (Fox News, 2008, para.1).
The California state regulators blamed the healthcare
organization for not ensuring adequate steps were made to
maintain patient confidentiality and security.
Another report by the Los Angelos Times made on the same
incident acknowledged that the UCLA employees accessed
medical records of celebrity patients that included California
first lady Maria Shriver, Farrah Fawcett and Britney Spears
(Fox News, 2008).One of their employees reportedly looked at records of about
900 of their patients, viewed Social Security numbers with
out legitimate reason, authorization, or permission and
viewed health insurance information and addresses, in 2007.
The former employees face federal criminal charges for
violations of patient privacy
One employee used their supervisor’s credentials in order to
view a patient’s personal health information

9. WHY IS CONFIDENTIALITY TRAINING
EFFECTIVE?
• This training explains to the employees how important it is to keep
patient information confidential.
• This training explains what the consequences are for breaching patient
confidentiality.
• Not only does patient confidentiality breaches affect the employee, it also
affects the organizations integrity as well as their reputation.
• This training explains that patient privacy it of the utmost importance.
• This training shows an example of a healthcare organization that
breached patient confidentiality.
• This training shows employees what to do as well as what not to do.

10. REFERENCES
• Fox News. (2008). Report: Over 120 UCLA hospital staff saw celebrity health
records (Links to an external site.). Retrieved
from https://www.foxnews.com/story/report-over-120-ucla-hospital-
staff-saw-celebrity-health-records
• Vanderpool, D. (2019). HIPAA Compliance: A common sense approach.
Retrieved from: http://eds.b.ebscohost.com.proxy-
library.ashford.edu/eds/pdfviewer/pdfviewer?vid=2&sid=3ee8659b-029c-
4657-ae72-1256cfd719c0%40sessionmgr101
• Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information
systems: A practical approach for health care management (4th
ed.). Retrieved from https://content.ashford.edu