Confidentiality Training
December 3, 2012
MHA 690
Tina Welch, BS, RDMS, RVT, RCS, RT(R)

Objectives
• Discuss compliance regulations relating to patient privacy and confidentiality
• Identify HIPAA violations and disciplinary actions
• Identify ways to prevent HIPAA violations

• HIPAA is a broad law dealing with the privacy and security of health information:
• The Privacy Rule tells hospitals and physicians when and how patient health information can be used or disclosed
• The Security Rule tells hospitals and physicians how to protect health information from being inappropriately accessed, edited, or destroyed.

HIPAA is the conscious effort by all healthcare workers to keep private all information concerning:
• Patients
• Customers
• Families
• Employees
See how many violations you spot in this YouTube video: http://www.youtube.com/watch?v=4N5dvGpVUGE&feature=share&list=UL4N5dvGpVUGE

Confidentiality includes?
• The person’s identity
• Physical condition
• Psychological condition
• Emotional status
• Financial situation
• Confidential business information
• Any other personal or private information

Who are HIPAA officers?
• HIPAA security officer
  – Risk Manager – Tina Welch
  – Ext. 1234
*Always check with your supervisor if confidentiality questions arise

Need to Know
• If you do not need to know confidential information to provide care (clinical or financial)
  – You are not permitted to access it
  – This includes your own information

Disciplinary Actions for Violations of HIPAA Policies
• Disciplinary action depends on the violation and previous violations
• Examples
  – Not signing off computer with Protected Health Information (PHI) when leaving a work area.
  – Inadvertent disclosure of PHI to the wrong patient
  – Failure to follow appropriate guidelines for the use of fax, mailing, e-mail, computer or other transmission of patient information causing a disclosure to an unintended recipient.

Disciplinary Actions for Violations of HIPAA Policies
• Examples
  – Sharing your password with a co-worker
  – Unauthorized access of information on a patient you have no job-related responsibility for
    • This includes friends, family, co-workers, celebrities, and your information

Types of Risk
• Nosy!
  – A co-worker accesses information
• The only reason was for curiosity regarding:
  – Co-worker who is a patient
  – Physician who is a patient
  – Neighbor who is a patient
  – Celebrity who is a patient
There is a “zero tolerance” for workers who access patient information without authorization!

Actions that could cause a HIPAA violation
• Taking pictures of any patient’s image, body part or X-ray with personal cell phone cameras
• Unauthorized access of sensitive health information
  – Example: HIV, abuse
• Sharing or stealing password for the computer systems
• Not verifying who you disclose patient information to (financial or clinical) and not confirming that the person requesting the information is authorized to receive it

You can protect patient privacy
• Respect the patient’s information and condition the same way you would expect others to respect and care for yours
• Close treatment room doors or use privacy curtains when discussing the care of a patient.
• Ensure that medical records are not left where others can see or gain access to them
• Keep laboratory, radiology and other test results private
• Keep computer screens containing PHI away from individuals not involved in direct care

Destruction of paper containing patient information
• Shred all patient information when it is to be discarded
Do not place anything with a patient’s name or identifiers in the regular trash.
  – Patient name bands
  – Telemetry strips
• What about IV bags with med labels? If you can, peel off label.
• Label must be shredded or blacked-out with a marker

Identification
• All employees should question visitors or other persons who are in restricted areas.
• Vendors and contractors will be wearing their company ID in addition to hospital identification noting that they have permission to be in the building
• All employees, volunteers, students and other workforce members must wear their identification badges

Monitoring Controls
• Audit trails will document who was where in our systems and will document what the associate was accessing
• Performed by our HIPAA Officers
• Your User ID will link to every item opened, read or printed

• Types of information that you are not permitted to access, acquire, use or disclose without authorization from the patient include:
  – Medical information
  – Name, address, phone number
  – Social Security Number, date of birth
  – Photo of any part of the patient’s body, including X-ray images, whether or not they contain the patient’s name
  – Any information or data that could be used to identify the patient

HIPAA enforcement actions
• If you are found responsible for any type of HIPAA violation that the State Attorney General believes has threatened or in some way harmed a patient who is a resident of your state, you can be held responsible for your actions
• The State Attorney General can bring a civil action in federal court
• Federal law imposes a maximum fine of $10,000 for each offense of breaching confidentiality

Reporting HIPAA violations
• We expect all employees to adhere to the HIPAA policies
• Report violations to your Privacy Officer
  – Tina Welch, ext. 1234
  – You may report anonymously, if you wish
  – Compliance Helpline: 1-888-462-0380
• You will not be retaliated against if you report a privacy violation
• It is your job to report instances where you suspect policies are being broken

Notification to Patients
• Federal law now requires us to tell patients if someone has obtained their protected information
• We must also notify patients any time their protected health information was inappropriately disclosed outside of the facility
• We are required to notify the patient in writing and report all breaches to the Federal Government.

HIPAA
• Never discuss Protected Health Information where others can hear you such as hallways, lunch rooms, or elevators
• You are obligated to protect patient/customer privacy and any other confidential information when you see or hear a breach occurring by reporting this to someone who can advocate for the patient/customer
• This includes unauthorized use, duplication, disclosure, or dissemination of Protected Health Information.

• Your responsibility doesn’t end on your shift
• Don’t divulge patient/customer or employee information at your church, school, college, home, the shopping mall, or in other social settings

There is an exception for every rule
• Certain situations allow disclosure without prior written consent.
  – For example…
    • Medical emergencies
    • Reporting communicable disease information to the health department
    • Reporting child or elderly/vulnerable adult abuse
    • For litigation activities
• Always check with your supervisor if you’re not sure

Confidentiality Agreement
• I understand that confidential information specifically includes, but is not limited to, patient and proprietary business information, whether written or verbal, or computerized (including password(s))
• I also acknowledge and agree that any disclosure of, unauthorized use of, or access to confidential information will cause irreparable harm and loss to the Health System. As a result, I expressly agree to treat all confidential information in strict confidence and to undertake the following obligations with respect to confidential information
• Date________________ Name___________________