This document discusses regulations around protected health information (PHI) and patient privacy. It provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) which established standards for privacy protection of health data. PHI is defined as including demographic and medical information about an individual's health as well as information used to identify them. The document outlines an organization's internet and electronic medical records policies, which restrict access to authorized medical personnel and allow monitoring of usage for regulatory compliance. Medical staff are advised any PHI must be kept confidential and only shared on a need-to-know basis.

1. THE CHALLENGES TO
CLINICAL SYSTEM
ADOPTION

2. PROTECTED HEALTH INFORMATION
(PHI)
REGULATION TRAINING
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPPA) with the intent
of developing standards for health data and its exchange and regulations on privacy protection (Centers for
Medicare and Medicaid, 1996).
Recognizable health information under Protected Health Information includes (SK&A, 2010):
I. Demographic data of the individual’s past, present or future physical or mental health and or condition,
II. The delivery of health care to the individual, or
III. The past, present or future payment for the delivery of health to the individual,
IV. And it identifies the individual and/or information used to identify the individual.

3. ALL EMPLOYEES ARE ADVISED THE ELECTRONIC
MEDICAL RECORDS (EMR) FALL UNDER PRIVACY RULES
Patient Confidentiality
This means records relating to or concerning individuals to whom the
facilities is providing, or has provided services is held under the
facilities internet or electronic medical records (EMR) policy.

4. INTERNET POLICY
 Only authorized medical personnel are allowed internet access and only for valid business reasons.
 Assigned account access codes are personal to each user and must not be shared with other team members.
 System administrators reserves the right to deny or terminate medical personnel to the internet in any violation
under HIPPA or PHI.
 Medical personnel do not have privacy with respect to their use of the institutions internet facilities.
 Therefore, any and all emails, messages, data, images other information received, transmitted or archived using
the internet system may be copied, accessed and used by system administrator or management (Health Care
Auditing Weekly, 2008, December 16).
 Also, any emails, messages, data or images may be disclosed to legally entitled third parties such as system
regulators, law enforcement agencies and state or federal courts (Kaiser Health News, 2010). This includes
materials that foster discrimination under the Civil Rights Act of 1964 and Title VI.

5. CODE OF CONDUCT
It is a violation of the ethical code of conduct to reveal patient information to
anyone outside of the facilities without the expressed written authorization of
the patient, patient’s guardian or court ordered (Studer, 2009).
Medical personnel within the facilities with information that pertains to the
patient is to be retained in confidence and revealed on a need to know basis
only.

6. IDENTIFICATION OF TRAINING NEEDS
 HR Coordinator training and development is a formal lecture presentation.
 The primary method is to inform individuals at all levels within the organization with the same
information.
 The training PowerPoint is on the release of policies and HIPPA and protected health information (PHI).
 This is the best method because the speaker can present more material in a given amount of time.
 The goal of any training or development effort is to provide value for the organization in medical
technologies, laws, regulations and effective compliance programs (Centers for Medicare & Medicaid
services (CMS), 2009).

7. REFERENCES
Center for Medicare and Medicaid Services (CMS). (1996). Health Insurance Portability and Accountability Act of 1996. Retrieved from
http://www.cms.gov/HIPPAGenInfo/01_Overview.asp
Centers for Medicare & Medicaid services (CMS). (2009). Recovery audit contractor overview. Retrieved from http://www.cms.gov/RAC/
Health Care Auditing Weekly. (2008, December 16). Employees fired after snooping in news anchor’s medical records. Retrieved from
http://www.hcpro.com
Kaiser Health News. (2010). Health law having affects on managed-care firms, medical suppliers. Retrieved from
http://www.kaiskerhealthnews.org/Daily-Reports/2010/May/28/Health -Overhaul-and-Business.aspx
SK&A. (2010). Physician office usage of electronic medical records software. Irvine, CA: Author.
Studer, Q. (2009). Straight A Leadership: Alignment, action, accountability. Gulf Breeze, FL: Firer Starter Publishing.