Welcome to the HIPAA
Privacy & Security Training
MHA 690 Health Care Capstone
Veronica L Nelson
Dr. Hwang-Ji Lu
May 9, 2016
The importance of confidentiality
• Confidentiality means making sure that information is only
available to those who are authorized to have access
• Usually, this will mean keeping things secret between the client and
you as the worker.
• As medical staff, you will be privy to information that should
not be shared with your own family members or even the
patient’s family.
What does confidentiality mean?
The information disclosed to a physician by a patient
should be held in confidence.
• The patient should feel free to make a full
disclosure of information to the physician or
medical staff so that the most effective medical
decisions can be made or the needed services provided.
• The patient should be able to make this disclosure
with the knowledge that the medical professional
and their staff will respect the confidential nature
of the communication.
Patient Privacy
The privacy and security of patient health
information is a top priority for patients and
their families, health care providers and
professionals, and the government. Federal laws
require many of the key persons and
organizations that handle health information to
have policies and security safeguards in place to
protect your health information whether it is
stored on paper or electronically.
Revisit HIPAA Law
• Makes it easier for people to keep health insurance
• Protects the confidentiality and security of health care
information
• Gives patients rights over their health information and
sets rules and limits on who can look at or receive a
patient's health information
• Assists the healthcare industry in controlling administrative costs
What information is protected?
• Information your doctors, nurses, and other healthcare providers put in
your medical record.
• Conversations your doctor has had about your care or treatment with
nurses and other healthcare professionals.
• Information about you in your health insurer's computer system.
• Billing information about you from your clinic/healthcare provider.
• Most other health information about you, held by those who must
follow this law.
Examples of confidentiality violations
• Insider snooping - This refers to family members or co-workers
looking into a person’s medical records without authorization.
• Releasing the wrong patient's information - Through a careless
mistake, someone releases information to the wrong patient.
• Releasing information to an undesignated party
• Unprotected storage of private health information
• Discussing private health information in public areas of the
hospital
• Not logging off your computer or a computer system that
contains private health information
• Including private health information in an email sent over the
Internet
Consequences of confidentiality violations
• The fine for a first-time infringement by someone who did not
know they violated HIPAA could be as low as $100 or as high as
$50,000.
• The fine for a violation due to willful neglect, but corrected
within the required time period, is a minimum of $10,000 per
violation with a maximum of $50,000.
• The fine when the willful neglect violation is not corrected
increases from $10,000 to $50,000.
How to avoid confidentiality violations
• Never use a patient's PHI for personal gain.
• Never snoop in a patient’s medical records
• Never share PHI with people who have no legitimate reason to
know the information
• Never share your computer passwords and logon information
• Never leave a computer unattended without logging off.
• Never communicate PHI to a patient by a method that the patient
has not approved.
• Never discuss a patient's PHI in such a manner that other individuals
with no right or need to know the information can overhear the
information
Employer's responsibility
• Implementing computer procedures
• Implementing social media/HIPAA security measures
• Reinforcing the severity of penalties, explained and enforced
• Each year, hospital staff members review policies that address
patient and employee confidentiality
