mha 690 week 1 discussion 2
TRANSCRIPT
CONFIDENTIALITY, PHI, AND HIPAA
Presenter: Charles Henderson
HCA 459 Senior Project
Professor: Dr. Hwang-Ji Lu
August 4, 2016
WHAT PROTECTS PATIENT INFORMATION
Health Insurance Portability and Accountability Act (HIPAA)
• Privacy Rule
Protected Health Information (PHI)
Privacy Act
Health Information Technology for Economic and Clinical Health Act (HITECH)
HIPAA
There are five major components of HIPAA’s privacy rule, which are:
1. Boundaries. PHI may be disclosed for health purposes only, with very limited exceptions.
2. Security. PHI should not be distributed without patient authorization, unless there is a clear basis for doing so, and the individuals who receive the information must safeguard it.
3. Consumer control. Individuals are entitled to access and control their health records and are to be informed of the purposes for which information is being disclosed and used.
4. Accountability. Entities that improperly handle PHI can be charged under criminal law and punished and are subject to civil recourse as well.
5. Public responsibility. Individual interests must not override national priorities in public health, medical research, preventing health care
(Wager, Lee, Glaser, 2013, p. 89)
WHAT IS A VIOLATION
Bustillos (2013) says PHI under HIPAA protects the following 18 patient identifiers:
Names, all geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code, etc., all elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89, phone numbers, fax numbers, e-mail addresses, Social Security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers and serial numbers, including license plate numbers, device identifiers and serial numbers, web addresses or universal resource locators (URLs), internet protocol (IP) address numbers, biometric identifiers, including fingerprints and voiceprints, full face images and any comparable images, and any other unique identifying number, characteristic, or code (with some narrow exceptions). (5.2 Legal and Regulatory Landscape Affecting Privacy and Confidentiality)
POLICY AND ENFORCER
Code of Ethics
• Organizational Leadership
HIPAA, HITECH, Privacy Act
• Office of Civil Rights
CODE OF ETHICS
Positive Intentions
Maintain Patient Confidentiality
Accountability
100% Effort
Top Priority is always the patient
Team effort
PENALTIES
Local
• Termination of Employment
Nationally
• Fines and Prison Time
SPECIFIC PENALTIES
Organization
• “A medical practice that fails to comply with HIPAA can face fines ranging from $100 to $50,000 per violation up to an annual maximum of $1.5 million, depending on the practice’s lack of reasonable diligence and the nature of harm resulting from the violation. In addition, criminal charges are possible for individuals or entities that knowingly obtain or disclose PHI, with penalties ranging from fines plus 1 to 10 years of imprisonment based on the misuse intent” (Cascardo, 2012, p. 338).
Individual
• According to Bustillos, possible consequences for the individual are a fine of $1,000 to an accumulated annual amount of $100,000 (5.2 Legal and Regulatory Landscape Affecting Privacy and Confidentiality).
• Prison Time
TRAINING
Create Strong Policy
Provide Thorough Education Annually
• HIPAA, Privacy Act, HITECH
• Code of Ethics
Testing
ADDITIONAL PRECAUTIONS
Patient information needs to be secure and only accessed by authorized individuals for justified purposes.
Implement Encryption Software for Medical Records
Develop levels of access
Monitor employee use and access of patient information
Inspect Patient Records and who has accessed them
TRAINING BENEFITS TO EMPLOYEES
Education
Builds Character
Develops a Professional Culture
Keeps the Organization, Employees, and Patients safe
REFERENCES
Bustillos, D. (2013). Understanding Health Care Ethics & Medical Law. San Diego: Bridgepoint Education, Inc.
Cascardo, D. (2012). What to Do Before the Office for Civil Rights Comes Knocking: Part 1. The Journal of Medical Practice Management: MPM, 27(6), 337-340. Retrieved from ProQuest
Fox News. (2008). Report: Over 120 UCLA hospital staff saw celebrity health records. Retrieved from http://www.foxnews.com/story/0,2933,398784,00.html
Wager, K. A., Lee, F. W., & Glaser, J. P. (2013). Health Care Information Systems: A practical approach for health care management (3rd ed.). San Francisco, CA: Jossey-Bass.