Upholding Confidentiality


Posted on 07-May-2015






1. Upholding Confidentiality
It is your ethical responsibility
Theresa Tapley
MHA690: Health Care Capstone
Ashford University
Dr. David Cole
April 23, 2013

2. Objectives
- Understanding of HIPAA
- Ethical responsibility to keep each and every patient's PHI confidential
- Patient Privacy Rule and Security Rule
- Identification of what PHI is
- Ways to protect PHI
- Tips for electronic confidentiality protections
- Consequences of mishandling confidentiality or PHI

3. What is the Health Insurance Portability and Accountability Act (HIPAA)?
HIPAA is a federal law that gives an individual the right of protection of their personal health information (PHI). PHI includes all medical and personal information and must be protected whether communication is verbal, written, or electronic. (U.S. Department HHS, 2012)

4. Forms of Sensitive Information
Sensitive information exists in various forms:
- Printed
- Spoken
- Electronic
It is the responsibility of every employee to protect the privacy and security of sensitive information in ALL forms.

5. What Information is Considered Confidential and Must be Protected?
- Personal billing information
- All medical records
- Conversations between physician and other medical staff regarding a patient
- Information about a patient within their insurance carrier's database

6. Patient Privacy Rule Rights
- The right to see and obtain a copy of their health record
- The right to have corrections added to their personal health record
- The right to receive notice about how their health information will be used or shared for certain purposes
- The right to get a report of when and why their health information was shared
- The right to file a complaint with the provider or health insurer
- The right to file a complaint with the U.S. Government

7. Personal Health Information: How to Keep It Confidential
- Never leave medical records where others can gain access to them
- PHI should be guarded and kept confidential, shared only with healthcare providers involved in the patient's healthcare
- PHI is confidential and should not be viewed on paper or on computer by unauthorized staff

8. Ways to Protect Confidentiality of PHI
- PHI should only be shared with other healthcare professionals directly involved in an individual's care
- Records are kept locked, and only people with a need to see information about patients have access to them
- Employees who use computerized patient records do not leave their computers logged in to the patient information system while they are not at their workstations
- Computer screens containing patient information are turned away from the view of the public or people passing by

9. More Ways to Protect Confidentiality of PHI
- Posted or written patient information maintained in work areas such as nurses' stations or the front desk is kept covered from the public
- Discussions about patient care are kept private to reduce the likelihood that those who do not need to know will overhear
- Electronic records are kept secure, and the facility monitors who gains access to records to ensure that they are being used appropriately
- Paper records are always shredded or placed in closed receptacles for delivery to a company that destroys records for the facility. They must never be left in the garbage

10. Understanding the Security Rule
- Specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information
- The Security Rule defines confidentiality to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI
- The Security Rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI
- Designation of a security official who is responsible for developing and implementing its security policies and procedures

11. Electronic Confidentiality Protections
- Keep passwords and other security features that restrict access to your computer private
- Never share password access or log in to the health information system using a borrowed credential

12. More Steps for Protecting Electronic Information
- Point computer screen away from the public
- Never walk away from your computer with PHI up and in view of a passerby
- Never remove computer equipment, disks, or software unless instructed to do so by your supervisor
- Never send confidential patient information in an e-mail unless it is encrypted
- Always double-check the address line of an e-mail before you send it

13. Penalties for Breaches
Breaches of the HIPAA Privacy and Security Rules have serious ramifications for all involved. In addition to sanctions imposed by this organization, such breaches may result in civil and criminal penalties. Statutory and regulatory penalties for breaches may include:
- Civil: $50,000 per incident, up to $1.5 million per calendar year for violations that are not corrected
- Criminal: $50,000 to $250,000 in fines and up to 10 years in prison
In addition, institutions that fail to correct a HIPAA violation may be fined up to $50,000 per violation.

14. Best Practice Reminders
- DO keep computer sign-on codes and passwords secret, and DO NOT allow unauthorized persons access to your computer. Also, use locked screensavers for added privacy.
- DO keep notes, files, memory sticks, and computers in a secure place, and be careful NOT to leave them in open areas outside your workplace, such as a library, cafeteria, or airport.
- DO NOT place PHI or PII on a mobile device without required approval.
- DO encrypt mobile devices that contain PHI or PII.
- DO hold discussions of PHI in private areas and for job-related reasons only. Also, be aware of places where others might overhear conversations, such as in reception areas.
- DO make certain when mailing documents that no sensitive information is shown on postcards or through envelope windows, and that envelopes are closed securely.
- DO NOT use unsealed campus mail envelopes when sending sensitive information to another employee.
- DO follow procedures for the proper disposal of sensitive information, such as shredding documents or using locked recycling drop boxes.
- When sending an e-mail, DO NOT include PHI or other sensitive information such as Social Security numbers, unless you have the proper written approval to store the information and have encrypted your computer or e-mail. (UNC, 2013)

15. References
HIPAA (n.d.). HIPAA training handbook for the healthcare staff: An introduction to confidentiality and privacy under HIPAA. Retrieved from http://www.regalmed.com/pdfs/HIPAA_Handbook.pdf
Kongstvedt, P.R. (2007). Essentials of managed health care (5th ed.). MA: Jones and Bartlett Publishers.
U.S. Department of Health & Human Services (2012). Health Information Privacy. Retrieved from U.S. Department of Health and Human Services website: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
University of North Carolina (UNC) (2013). HIPAA, privacy, & security. Retrieved from http://www.unc.edu/hipaa/Annual%20HIPAA%20Training%20current.pdf

