Employees and Health Professionals are NOT above the law!!

1. HIPAA
PHI Confidentiality-Employees and
Health Care Professional Training
Yvonne Rosenberg
MHA 690 Health Care Capstone
Dr. Rockie McDaniel
March 17, 2016

2. TRAINING COMPETENCIES
 Overview of HIPAA Law-Privacy and Security
 Different forms of sensitive Information
 Confidentiality and privacy
 Unauthorized access
 Breaches
 Real life scenarios
 Real life scenarios and discussion
 Fines and Penalties
 Q & A

3. UNDERSTANDING HIPAA-PRIVACY
 Protecting identifiable health information under “covered entities” and
protecting identifying information
Covered entities include-Health plans, health care clearinghouse, and health
care providers
What is protected includes-names, telephone #’s, social security #, email,
dates, account & beneficiary numbers, license #, or any other unique number
or code that can identify or be linked to an individual

4.  Protect accidental or intentional unauthorized use and disclosure of PHI
using technology sources
 Limit public discussion of PHI to prevent accidental disclosure of PHI
 Safeguard documents (paper or electronic) by encrypting, shredding,
password protecting, and storing documents in a secured location
UNDERSTANDING HIPAA-SECURITY

5. Protecting the privacy and security of patient
sensitive information is the responsibility of ALL
employees
•Electronic
•Verbal
•Printed
FORMS OF SENSITIVE INFORMATION

6. Keep patient information
private and only view patient
records if a situation
warrants
CONFIDENTIALITY & PRIVACY
Ask yourself: Is accessing this medical record or PHI required to do my job??

7. UNAUTHORIZED ACCESS
• Employee accesses or discloses PHI without patient
written consent is unlawful
• Employee accessing PHI without a job related reason
is unlawful
• It is unlawful to look at PHI out of “curiosity”
• It is unlawful to retrieve PHI of a high profile person,
family member, or friend
Employees & health professionals are not above the law and the law applies to you!

8. BREACHES
• Lost, stolen or improperly disposed documents or
devices containing PHI is stored
• HIT Systems compromised or hacked (computers or
mobile devices)
• Improper dispense of communication to anyone who
doesn’t have authorized access or need to be
informed (gossip, or misuse of information dispersed
to other)
Employees & health professionals are NOT above the law and the law
applies to you!

9. 120 workers at a
hospital view a
celebrity’s medical
record and PHI….
REAL LIFE SCENARIOS
• Unauthorized access of “well known person’s
records” by 120 employees
• Further investigation uncovered 127 hospital
employees were fired, suspended, and
warned for accessing patient records with any
“legitimate reason”
• The hospital later found and individual
employee access 60 patient records without
prior authorization using another employees
password
• She accessed social security info, health
insurance info, and personal address
• She faces federal criminal charges for the
violation of patient privacy (Fox News, 2008).

10. HEALTH PROFESSIONAL OR
EMPLOYEE ACCESSES HUSBAND’S
MEDICAL RECORD IN SEARCH OF
INFORMATION TO USED IN AN
INTNET TO DIVORCE CASE….
REAL LIFE SCENARIOS DISCUSSION
Employee has a friend who has recently
contracted an STD and reviews his
previous girl friends medical record to
identify if he contracted the STD from her.
She proceeds to give him the bad news.
He contact confronts the old girlfriend….

11. HIPAA VIOLATIONS FINES & PENALTIES
 Breaches result in civil and criminal penalties
 Civil penalties per incident from $50,000 up to
$1.5 million per incident or violation
 Criminal penalties include up to $250,000 in fines
and up to 10 years in prison (UNC, 2015)
Zero tolerance for HIPAA violations

12. This concludes employee HIPAA orientation and employee quarterly competency
training!
Protecting the privacy and security
of patient sensitive information is
the responsibility of ALL
employees

13. Q & A

14. Fox News. (2008). Report: Over 120 UCLA hospital staff saw celebrity health records. Retrieved
from http://www.foxnews.com/story/0,2933,398784,00.html
The University of North Carolina at Chapel Hill (2015). Welcome to the HIPAA, Privacy & Security Training Model.
Retrieved from http://www.unc.edu/hipaa/Annual%20HIPAA%20Training%20current.pdf
https://www.bing.com/images/search?q=hipaa+privacy+and+security+pictures&view=detailv2&&id=C94CA6F47B
FD0B67F03DEEB7EA93855D0D7B8713&selectedIndex=8&ccid=jTdpqchu&simid=607994364466563326&thid=OIP.
M8d3769a9c86e1f9a03493cdca33bc370H0&ajaxhist=0
http://static1.squarespace.com/static/5127a20be4b0c404ec2f2e65/t/527cfec4e4b00ec91674b48c/1383923397787/1
40407352.jpg
https://www.bing.com/images/search?q=Restricted+Access&view=detailv2&&id=94DF5DD48BAAA31ED44F1B830
082BE16880584AA&selectedIndex=8&ccid=TGVA2Zer&simid=608026654027484485&thid=OIP.M4c6540d997ab17
96e46674182f679e6eo0
https://www.bing.com/images/search?q=hipaa&view=detailv2&&id=9A2E944471A1A873EEAFD6F3E280E4F9AF731
EA4&selectedIndex=13&ccid=kzXOPVdQ&simid=608032791535354699&thid=OIP.M9335ce3d57500b71ce3123d2
7223ecb0H0&ajaxhist=0
Resources