2. Introduction
• Patient Confidentiality, Privacy, and Security
Awareness
The purpose of this training module is to explain the importance of
patient confidentiality, patient privacy, secure computing, and breach
responsibilities.
3. Overview
Confidentiality
Who is responsible for patient confidentiality?
-Board members
-Executive leadership
-Clinical staff
-Physicians and nurses
-Administrative and clerical staff
-Students, interns, and volunteers
4. Confidentiality
What patient information must remain confidential?
-Identity (name, address, social security number, date of birth, etc.)
-Physical condition
-Emotional condition
-Financial information
5. Confidentiality
Guidelines
-Access patient information only on a “Need to Know” basis
-Discard confidential information appropriately (shredders, locked trash bins)
-Do not discuss confidential matters where others might hear
-Do not leave patient charts or files unattended
7. Federal Laws That Protect Patient Privacy
• Health Insurance Portability &
Accountability Act of 1996 (HIPAA)
• American Recovery and Reinvestment
Act of 2009 (ARRA) - HITECH Breach
Notification Provisions
• The Privacy Act of 1974
8. Protected Health Information (PHI)
What is PHI?
-Protected Health Information (PHI) includes demographic information
that identifies an individual.
PHI Identifiers include:
-name
-full face photo
-finger or voice print
-telephone number
-address/zip code
-email address
-fax number
-internet protocol (IP) address
-Uniform resource locator (URL)
-social security number
-medical record number
-insurance number
-account number
-certificate/license
-vehicle identifier
-all elements of dates
9. Security
Ensure Protected Health Information (PHI) is not disclosed to
unauthorized persons.
-Do not send email containing Protected Health Information (PHI)
unless it is encrypted.
-Log off your computer if you have to leave your workstation.
10. Breaches
If there has been unauthorized access, use, or disclosure
of PHI, it is essential to report this to one’s supervisor
immediately.
Breach Examples
-Leaving patient identifiable information in public areas (by reception desk,
visible computer screens, copiers)
-Discussing PHI in a public place where it could be overheard by others
-Inappropriately accessing or disclosing patient information
-Lost, stolen or misplaced laptops and flash drives containing unsecured
PHI.
11. Conclusion
To ensure that patient privacy, confidentiality, and
security are protected:
• Never look at a patient’s record out of curiosity, even with good intentions
• Follow the minimum necessary standard
• Double check names and phone numbers before sending PHI by fax or
email
• Log out of your computer if you have to leave your workstation.
• Never share passwords
• Familiarize yourself with the organization’s Notice of Privacy Practices