upholding confidentiality
TRANSCRIPT
Upholding Confidentiality
It is your ethical responsibility
Theresa TapleyMHA690: Health Care Capstone
Ashford UniversityDr. David ColeApril 23, 2013
Objectives Understanding of HIPAA Ethical Responsibility to keep each and
every patient’s PHI confidential Patient Privacy Rule and Security Rules Identification of what PHI is Ways to protect PHI Tips for electronic confidentiality
protections Consequences if confidentiality or PHI
mishandlement
What is Health Insurance Portability and Accountability Act (HIPAA)?
HIPPA is a federal law that gives an individual the right of protection of their personal health information (PHI).
PHI includes all medical and personal information and must be protected whether communication is verbal, written, or electronic.
(U.S. Department HHS, 2012)
Forms of Sensitive InformationSensitive Information exists in various forms
Printed Spoken Electronic
It is the responsibility of every employee to protect the privacy and security of sensitive
information in ALL forms
What Information is Considered Confidential and must be Protected?
Personal billing information
All medical records
Conversations between physician and other medical staff regarding a patient
Information about a patient within their Insurance carrier’s database
Patient Privacy Rule Rights
The right to see and obtain a copy of their health record
The right to have corrections added to their personal health record
The right to receive notice about how their health information will be used or shared for certain purposes
The right to get a report of when and why their health information was shared
The right to file a complaint with the provider or health insurer
The right to file a complaint with the U. S. Government
Personal Health Information How to keep it confidential
Never leave medical records where others can gain access to them
PHI should be guarded and kept confidential, shared only with healthcare providers involved in their healthcare
PHI is confidential and should not be viewed on paper or on computer by unauthorized staff
Ways to Protect Confidentiality of PHI PHI should only be shared with other healthcare
professionals directly involved in an individual’s care
Records are kept locked and only people with a need to see information about patients have access to them
Employees who use computerized patient records to not leave their computers logged in to the patient information system while they are not at their workstations. Computer screens containing patient information are turned away from the view of the public or people passing by.
More Ways to Protect Confidentiality of PHI
Posted or written patient information maintained in work areas such as nurses’ stations or front desk is kept covered from the public.
Discussions about patient care are kept private to reduce the likelihood that those who do not need to know will overhear.
Electronic records are kept secure, and the facility monitors who gains access to records to ensure that they are being used appropriately.
Paper records are always shredded or placed in closed receptacles for delivery to a company that destroys records for the facility. They must never be left in the garbage.
Understanding the Security Rule
Specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information
The Security Rule defines “confidentiality” to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI
The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI
Designation of a security official who is responsible for developing and implement its security policies and procedures
Electronic confidentiality protections Keep passwords and
other security features that restrict access to your computer private
Never share password access or log in to the health information system using a borrowed credential
More steps for protecting electronic information
Point computer screen away from the public Never walk away from your computer with PHI
up and in view of a passerby Never remove computer equipment, disks, or
software unless instructed to do so by your supervisor
Never send confidential patient information in an e-mail unless it is encrypted
Always double-check the address line of an email before you send it.
Penalties for Breaches
Breaches of the HIPAA Privacy and Security Rules have serious ramifications for all involved. In addition to sanctions imposed by this organization, such breaches may result in civil and criminal penalties.
Statutory and regulatory penalties for breaches may include:
Civil: $50,000 per incident, up to $1.5 million per calendar year for violations that are not corrected
Criminal: $50,000 to $250,000 in fines and up to 10 years in prison
In addition, institutions that fail to correct a HIPAA violation may be fined up to $50,000 per violation.
Best Practice Reminders
DO keep computer sign-on codes and passwords secret, and DO NOT allow unauthorized
persons access to your computer. Also, use locked screensavers for added privacy. DO keep notes, files, memory sticks, and computers in a secure place, and be careful to
NOT leave them in open areas outside your workplace, such as a library, cafeteria, or airport. DO NOT place PHI or PII on a mobile device without required approval. DO encrypt
mobile devices that contain PHI or PII. DO hold discussions of PHI in private areas and for job-related reasons only. Also, be
aware of places where others might overhear conversations, such as in reception areas. DO make certain when mailing documents that no sensitive information is shown on
postcards or through envelope windows, and that envelopes are closed securely. DO NOT use unsealed campus mail envelopes when sending sensitive information to
another employee. DO follow procedures for the proper disposal of sensitive information, such as shredding documents or using locked recycling drop boxes. When sending an e-mail, DO NOT include PHI or other sensitive information such as
Social Security numbers, unless you have the proper written approval to store the information
and encrypted your computer or e-mail.
(UNC, 2013)
ReferencesHIPAA (n.d.) HIPAA training handbook for the healthcare staff: An
introduction to confidentiality and privacy under HIPAA. Retrieved from website: http://www.regalmed.com/pdfs/HIPAA_Handbook.pdf
Kongstvedt, P.R. (2007). Essentials of managed health care (5th ed.). MA: Jones and Bartlett Publishers.
U.S. Department of Health & Human Services (2012). Health Information Privacy. Retrieved form U.S. Department of Health and Human Services website: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
University of North Carolina (UNC) (2013). HIPAA, privacy, & security. Retrieved from website: http://www.unc.edu/hipaa/Annual%20HIPAA%20Training%20current.pdf