HIPAA was created in 1996 to protect patients' private health information. However, some healthcare workers have violated HIPAA by inappropriately accessing the medical records of high-profile patients like George Clooney, Britney Spears, and Farrah Fawcett. Violations can occur unintentionally due to a lack of training, or intentionally for malicious purposes such as selling private information to media outlets. Healthcare organizations can help prevent violations by educating employees on HIPAA policies and maintaining secure filing systems with access restrictions. Violations may result in fines up to $250,000 or imprisonment up to 10 years depending on the offense.

1. Calen A. Fletcher MHA690: Health Care Capstone September 22, 2011 Professor Sherry Grover Ashford University HIPAA Meets the High Profile Patient

2. What is HIPAA? Created in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was designed to create a comprehensive, uniform, patient protection process. For health care workers, HIPAA has been a challenge. Some violations are unintended activities by healthcare workers who fail to realize the risk of their actions and other violations are intentional inquiries and disclosures, malicious in nature. Some of the worst cases of HIPAA violations involve the malicious snooping by healthcare workers into the private files of patients to learn information that they have no relevant need to know.

3. Confidential Information HIPAA regulations help ensure that the patient has control over the use and spread of their personal health information. HIPAA's policies relating to the security of digital records---measures such as encrypted storage, secure disposal of old hardware and restricted access to medical records---help keep a patient's records private. By requiring health care providers to disclose to patients the details of how their information will be used and protected, HIPAA promotes transparency.

4. Violations High profile victims include George Clooney and Britney Spears, each who had their medical records viewed by staff members who were not involved with their treatment. Farrah Fawcett’s records were viewed by healthcare staff and subsequently sold to media outlets. Many times local celebrities, television personalities, and professional athletes are subject to HIPAA violations by health care workers.

5. How Do We Stop This? The best method for avoiding HIPAA violations is education. By properly training employees about what HIPAA prohibits and what is permitted, employees can be educated to avoid simple but costly mistakes.

6. How to Protect Patient Information Maintain secure filing systems. This applies to both electronic and paper health information. Electronic systems should be password protected, giving each individual user the appropriate access level. Items that are no longer needed should be shredded immediately. Each work section should have access to a shredder to prevent sensitive materials from being dropped or left in the open. Patrol for violations. Check desktops and counters to ensure no sensitive information is visible to unauthorized personnel including other patients

7. What Are The Consequences? Covered entities and specified individuals whom "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000, and imprisonment for up to ten years.