2. Keeping Patient Data Secure
• Protected Health Information (PHI)
1. Includes names, birth dates, Social Security numbers,
addresses, phone numbers, and health insurance information
2. Must be stored and handled securely
3. Everyone who handles it is responsible for keeping it confidential
3. Health Insurance Portability and
Accountability Act of 1996 (HIPAA)
• Covers the protection of any individually identifiable health
information in a person's records. Examples are:
– diagnosis and treatment reports
– progress notes
– recommendations
– conversations with personal caregivers
• HIPAA states that no such information shall be released without
written authorization from the data owner (the patient), except where
the law permits or requires disclosure, such as for treatment, payment
and health-care operations, in emergencies, or in similar situations.
4. Health Information Technology for Economic
and Clinical Health Act (HITECH)
• The HITECH Act was enacted in 2009. It offered eligible providers and
hospitals incentive payments (up to roughly $44,000 per eligible
professional under the Medicare program) for adopting EHRs and for
joining health information exchanges (HIEs) at the state and regional
levels.
• HITECH extends HIPAA's safeguards to the information that care
providers process in computer systems, including:
1. billing
2. medication
3. clinical evaluation reports
4. radiological images and reports
5. laboratory test results
6. any other information collected by individuals or organizations that
carries health meaning.
5. Penalties for Breaches
• The Department of Health and Human Services (HHS) must be notified of
data breaches, as must the individual(s) affected
• HHS issued the privacy rules through publication of proposed rules and
has the authority to enforce them, including investigating complaints
and conducting HIPAA compliance reviews¹.
• HIPAA violations
1. Civil penalties originally started at $100 per violation, up to
$25,000 per year for violations of the same requirement (HITECH later
raised these tiers).
• If the breach or misuse of PHI is intentional, the following penalties
can occur (the first two are employer sanctions, the last two are
criminal penalties under HIPAA):
1. Reprimand or warning
2. Dismissal from the organization
3. Fines ranging from $50,000 per occurrence to $250,000
4. Between 1 and 10 years in prison².
6. Do's and Don'ts
Do
• Keep information secure
• Use passwords that are not obvious, change them regularly, and change
them immediately if you suspect they have been exposed.
• Keep your voice down when discussing patient information, both in
person and over the phone.
• Lock your computer whenever you step away from it.
Don't
• Give out your password
• Fail to log off computers
• Leave patient files easily accessible
• Post patient information online without ensuring it is de-identified
• Look up a patient's medical record without a valid reason
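"Ensuring it is de-identified" in the last Don't has a concrete meaning under the HIPAA Privacy Rule's Safe Harbor method. The script below is added here as a worked example; it is not from the original slides or from the cited sources. It takes a constructed patient record, drops the direct identifiers the first slide lists as PHI, reduces dates to years, collapses ages over 89 to "90+" (and drops the birth year for those patients), truncates ZIP codes to three digits (or "000" for the sparsely populated prefixes HHS lists), and scrubs SSNs, phone numbers, e-mail addresses, dates and the patient's own name out of free-text notes. The field names, the sample record, the regular expressions and the ZIP prefix list are assumptions for the example.

```python
"""Safe Harbor style de-identification of one patient record.

Added example, not code from the original slides. Field names, regexes
and sample data are assumptions; map them onto your own schema.
"""
import re
from datetime import date

# Fields Safe Harbor requires removing outright (names, SSNs, contact
# details, medical record and health plan numbers). Assumed names.
DIRECT_IDENTIFIERS = {"name", "ssn", "address", "phone", "email", "mrn",
                      "insurance_id"}

# Three-digit ZIP areas with 20,000 or fewer residents, which HHS says
# must become "000". This is the 2000-census list from the HHS guidance;
# assumption: verify it against the current guidance before relying on it.
RESTRICTED_ZIP3 = {"036", "059", "063", "102", "203", "556", "692", "790",
                   "821", "823", "830", "831", "878", "879", "884", "890",
                   "893"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[-. ]?\d{3}[-. ]\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
US_DATE_RE = re.compile(r"\b\d{1,2}/\d{1,2}/(\d{4})\b")
ISO_DATE_RE = re.compile(r"\b(\d{4})-\d{2}-\d{2}\b")

# Reference date used to compute ages (assumed for the example).
AS_OF = date(2023, 1, 1)


def generalize_zip(zip_code: str) -> str:
    """Keep the first three digits, or '000' for a restricted area."""
    zip3 = zip_code.strip()[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def age_on(dob: date, as_of: date) -> int:
    """Whole years between dob and as_of."""
    had_birthday = (as_of.month, as_of.day) >= (dob.month, dob.day)
    return as_of.year - dob.year - (0 if had_birthday else 1)


def scrub_free_text(text: str, name_tokens=()) -> str:
    """Redact identifiers that commonly leak into notes.

    SSNs go first so the phone pattern cannot match part of one. Dates
    keep only the year. Names are matched from the record's own name
    field, so other people's names in the text are NOT caught.
    """
    text = SSN_RE.sub("[SSN]", text)
    text = PHONE_RE.sub("[PHONE]", text)
    text = EMAIL_RE.sub("[EMAIL]", text)
    text = US_DATE_RE.sub(lambda m: m.group(1), text)
    text = ISO_DATE_RE.sub(lambda m: m.group(1), text)
    for tok in name_tokens:
        if len(tok) > 1 and tok.isalpha():
            text = re.sub(r"\b%s\b" % re.escape(tok), "[NAME]", text,
                          flags=re.IGNORECASE)
    return text


def deidentify(record: dict, as_of: date) -> dict:
    """Return a Safe Harbor style copy of record; the input is untouched."""
    name_tokens = record.get("name", "").split()
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue                      # dropped entirely
        if key == "dob":
            dob = date.fromisoformat(value)
            age = age_on(dob, as_of)
            if age >= 90:
                # Over 89: neither the exact age nor the birth year may stay.
                out["age"] = "90+"
            else:
                out["age"] = str(age)
                out["birth_year"] = str(dob.year)
        elif key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key.endswith("_date"):
            out[key[:-5] + "_year"] = value[:4]   # ISO date -> year only
        elif isinstance(value, str):
            out[key] = scrub_free_text(value, name_tokens)
        else:
            out[key] = value
    return out


# Constructed sample record: every value is made up for the example.
SAMPLE_RECORD = {
    "name": "Jane Q. Example",
    "ssn": "123-45-6789",
    "dob": "1931-02-14",
    "zip": "03601",
    "phone": "555-012-3456",
    "insurance_id": "XYZ123456",
    "admit_date": "2013-06-02",
    "diagnosis": "Type 2 diabetes mellitus",
    "notes": ("Pt Jane Example called 555-012-3456 on 6/3/2013 re: labs; "
              "SSN 123-45-6789 on file, admitted 2013-06-02."),
}

if __name__ == "__main__":
    for field, value in deidentify(SAMPLE_RECORD, AS_OF).items():
        print(f"{field}: {value}")
```

Free text is the weak spot: the patterns match formats, not meaning, so a colleague's name, a nickname or an unusual phone layout survives, and Safe Harbor also requires removing the remaining identifier categories (device serials, URLs, IP addresses, biometrics, full-face photos, any other unique code). Treat a pass like this as the floor for an automated check and have a person review the output before anything is posted, which is what the Don't above asks for.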
7. Questions
1. What are some examples of PHI?
2. What does HIPAA protect?
3. What information does HITECH safeguard?
4. Name some consequences of security violations.
5. What are you supposed to do to keep information private?
6. What are you not supposed to do?
8. Answers
1. Names, birth dates, Social Security numbers, addresses, phone
numbers, and health insurance information
2. diagnosis and treatment reports, progress notes, recommendations and
conversations with personal caregivers
3. Billing, medication, clinical evaluation reports, radiological images and
reports, laboratory test results, and any other information collected that
carries health meaning.
4. Reprimand or warning, dismissal from organization, fines ranging from
$50,000 per occurrence to $250,000, or 1 to 10 years in prison.
5. Keep information secure, use passwords that are not obvious, don’t
give out your password, and lock computer when not in use.
6. Leave patient files easily accessible, post patient information online
without ensuring it is de-identified, and look up a patient’s medical
record without a valid reason
9. References
1. Karasz, H. N., Eiden, A., & Bogan, S. (2013). Text messaging to
communicate with public health audiences: How the HIPAA security rule
affects practice. American Journal of Public Health, 103(4), 617-622.
Retrieved from http://search.proquest.com/docview/1340553579?accountid=32521
2. Swim, R. (2012). Keeping data secure: Protected health information and
medical equipment. Biomedical Instrumentation & Technology, 46(4), 278-280.
Retrieved from http://search.proquest.com/docview/1036947767?accountid=32521
Editor's Notes
HIPAA was one of the first regulations placed into law that established the protection of health information. HIPAA states that no such information shall be released without written authorization from the data owner (the patient), except where the law permits or requires disclosure, such as in emergencies or similar situations.
HITECH got government leadership involved in the implementation of electronic records and the security of PHI.
¹Karasz, Eiden, & Bogan, 2013, pg. 618
²Swim, 2012 p. 279