4. HIPAA Privacy Rule
- Federal law
- Applies to health plans, health care clearinghouses, healthcare professionals
- Protected Health Information (PHI)
- Employees may access PHI ONLY when necessary to perform their job-related duties.
5. Unauthorized Access / Breaches
- Access must be authorized
- Patient Confidentiality Breach at UCLA Hospital
  - Hospital failed to take adequate steps to protect patient confidentiality
  - Incident led to terminations, suspensions, and warnings for over 120 employees
6. Penalties
- Civil penalties of $100 per violation
- Maximum civil penalties of $25,000 per year, per person, per standard
- Criminal penalties for willful offenses of $50,000 to $250,000 and imprisonment
- Additional penalties under state law
- Lawsuits
- Being unaware or "not knowing" is not a valid excuse and is still punishable
7. What can we do?
- Know the organization's policy on Patient Confidentiality and adhere to it
- It is your responsibility to report any privacy/security breaches involving PHI
- Implement the administrative, technical, and physical safeguards required by the HIPAA Privacy and Security Rules
- Recurrent organization training on HIPAA and steps to safeguard PHI
- Protect all media and forms that contain PHI: files, computers, etc.
8. What can we do?
- DO keep computer sign-on codes and passwords secret, and DO NOT allow unauthorized persons access to your computer. Also, use locked screensavers for added privacy.
- DO keep notes, files, memory sticks, and computers in a secure place, and be careful NOT to leave them in open areas outside your workplace, such as a library, cafeteria, or airport.
- DO NOT place PHI or PII on a mobile device without required approval. DO use encryption when sending or storing PHI or PII on mobile devices, including "thumb" or "flash" drives.
- DO hold discussions of PHI in private areas and for job-related reasons only. Also, be aware of places where others might overhear conversations, such as in reception areas.
- DO make certain when mailing documents that no sensitive information is shown on postcards or through envelope windows, and that envelopes are closed securely.
- DO follow procedures for the proper disposal of sensitive information, such as shredding documents or using locked recycling drop boxes.
- When sending an e-mail, DO NOT include PHI or other sensitive information such as Social Security numbers, unless you have the proper written approval to store the information and use encryption.
9. Summary
- It is everyone's responsibility to protect patients' confidentiality
- So again, do you have the urge to look at a patient's medical record?