HIPAA and Patient Medical Record Confidentiality

Federal civil rights laws and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule together protect your fundamental rights of nondiscrimination and health information privacy. Civil Rights help to protect you from unfair treatment or discrimination because of your race, color, national origin, disability, age, sex (gender), or religion. Federal laws also provide conscience protections for health care providers.

The Privacy Rule protects the privacy of your health information; it says who can look at and receive your health information, and also gives you specific rights over that information. In addition, the Patient Safety Act and Rule establish a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues and provide confidentiality protections for patient safety concerns.

Civil Rights

OCR helps to protect you from discrimination in certain health care and social service programs. Some of these programs may include:

- Hospitals, health clinics, nursing homes
- Medicaid and Medicare agencies
- Welfare programs
- Day care centers
- Doctors’ offices and pharmacies
- Children’s health programs
- Alcohol and drug treatment centers
- Adoption agencies
- Mental health and developmental disabilities agencies

Health Information Privacy Rights

By enforcing the Privacy and Security Rules, OCR helps to protect the privacy of your health information held by health insurers and certain health care providers and health insurers. Some of these providers and insurers may include:

- Doctors and nurses
- Pharmacies
- Hospitals, clinics, and nursing homes
- Health insurance companies
- Health maintenance organizations (HMOs)
- Employer group health plans
- Certain government programs that pay for health care, such as Medicare and Medicaid

OCR also enforces the confidentiality provisions of the Patient Safety Act and Rule.

Health Information Privacy

The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

The Privacy Rule

Standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.

Organizational Policies and Regulations

- All staff members should have training at least annually on confidentiality, especially when the staff has access to personal information; the training should include HIPAA rules and regulations. Staff should know that there can be serious ramifications for violating a patient’s privacy.
- All employees who have access to personal information should be required to attend the annual training. During the meeting they should be given an employee handbook that addresses confidentiality, and the employees should sign a copy for their personnel file.
- Training should include a review of applicable case studies of various types of violations of medical record confidentiality and HIPAA regulations.
- Role-playing exercises should be conducted to teach personnel what to do in the event they witness violations and misuse of patient records.
- Training should incorporate real-life examples of potential confidentiality violations and how to avoid mistakes.
- A Privacy Officer should be used to monitor and to make sure that security measures are maintained, that all the applicable state and federal laws are enforced, and that all organizational policies and procedures are followed.

Security Measures

- Background checks for all employees
- Limited Access to Records
- Login Authentication
- Monitor Login Frequency
- Maintain Chain-of-Custody
- List of all Personnel Associated with Patient Care
- Maintain Attendance Records
- Record Login Dates and Time
- Record all Data Transfer Date and Time

References

U.S. Department of Health and Human Services (2012). Summary of the HIPAA Privacy Rule. Retrieved June 28, 2012, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html