1. Confidentiality Training. December 3, 2012. MHA 690. Tina Welch,
BS, RDMS, RVT, RCS, RT(R)
2. Objectives: Discuss compliance regulations relating to
patient privacy and confidentiality. Identify HIPAA violations and
disciplinary actions. Identify ways to prevent HIPAA violations.
3. HIPAA is a broad law dealing with the privacy and security
of health information: The Privacy Rule tells hospitals and
physicians when and how patient health information can be used or
disclosed. The Security Rule tells hospitals and physicians how to
protect health information from being inappropriately accessed,
edited, or destroyed. 3 11/9/2009 3
4. HIPAA is the conscious effort by all healthcare workers
to keep private all information concerning: patients, customers,
families, employees. See how many violations you spot in this
YouTube video:
http://www.youtube.com/watch?v=4N5dvGpVUGE&feature=share&list=UL4N5dvGpVUGE
5. Confidentiality includes? The person's identity, physical
condition, psychological condition, emotional status, financial
situation, confidential business information, and any other
personal or private information.
6. Who are HIPAA officers? HIPAA security officer; Risk
Manager-Tina Welch, Ext. 1234. *Always check with your supervisor if
confidentiality questions arise.
7. Need to Know: If you do not need to know confidential
information to provide care (clinical or financial), you are not
permitted to access it. This includes your own information.
8. Disciplinary Actions for Violations of HIPAA Policies:
Disciplinary action depends on the violation and previous
violations. Examples: Not signing off a computer with Protected
Health Information (PHI) when leaving a work area. Inadvertent
disclosure of PHI to the wrong patient. Failure to follow appropriate
guidelines for the use of fax, mailing, e-mail, computer or other
transmission of patient information, causing a disclosure to an
unintended recipient.
9. Disciplinary Actions for Violations of HIPAA Policies:
Examples: Sharing your password with a co-worker. Unauthorized
access of information on a patient you have no job-related
responsibility for. This includes friends, family, co-workers,
celebrities, and your own information.
10. Types of Risk: Nosy! A co-worker accesses information. The
only reason was curiosity regarding: a co-worker who is a patient,
a physician who is a patient, a neighbor who is a patient, a
celebrity who is a patient. There is zero tolerance for workers who
access patient information without authorization!
11. Actions that could cause a HIPAA violation: Taking pictures
of any patient's image, body part or X-ray with personal cell phone
cameras. Unauthorized access of sensitive health information
(example: HIV, abuse). Sharing or stealing passwords for the computer
systems. Not verifying who you disclose patient information to
(financial or clinical) and not confirming that the person
requesting the information is authorized to receive it.
12. You can protect patient privacy: Respect the patient's
information and condition the same way you would expect others to
respect and care for yours. Close treatment room doors or use
privacy curtains when discussing the care of a patient. Ensure that
medical records are not left where others can see or gain access to
them. Keep laboratory, radiology and other test results private. Keep
computer screens containing PHI away from individuals not involved
in direct care.
13. Destruction of paper containing patient information: Shred
all patient information when it is to be discarded. Do not place
anything with a patient's name or identifiers in the regular trash:
patient name bands, telemetry strips. What about IV bags with med
labels? If you can, peel off the label. The label must be shredded or
blacked out with a marker.
14. Identification: All employees should question visitors or
other persons who are in restricted areas. Vendors and contractors
will be wearing their company ID in addition to hospital
identification noting that they have permission to be in the
building. All employees, volunteers, students and other workforce
members must wear their identification badges.
15. Monitoring Controls: Audit trails will document who was
where in our systems and will document what the associate was
accessing. Performed by our HIPAA Officers. Your User ID will link to
every item opened, read or printed.
16. Types of information that you are not permitted to access,
acquire, use or disclose without authorization from the patient
include: Medical information. Name, address, phone number. Social
Security Number, date of birth. Photo of any part of the patient's
body, including X-ray images, whether or not they contain the
patient's name. Any information or data that could be used to
identify the patient.
17. HIPAA enforcement actions: If you are found to be
responsible for any type of HIPAA violation that the State Attorney
General believes has threatened or in some way harmed a patient who
is a resident of your State, you can be held responsible for your
actions. The State Attorney General can bring a civil action in
federal court. Federal law imposes a maximum fine of $10,000 for
each offense of breaching confidentiality.
18. Reporting HIPAA violations: We expect all employees to
adhere to the HIPAA policies. Report violations to your Privacy
Officer, Tina Welch, ext. 1234. You may report anonymously, if you
wish. Compliance Helpline: 1-888-462-0380. You will not be retaliated
against if you report a privacy violation. It is your job to report
instances where you suspect policies are being broken.
19. Notification to Patients: Federal law now requires us to
tell patients if someone has obtained their protected information.
We must also notify patients any time their protected health
information was inappropriately disclosed outside of the facility.
We are required to notify the patient in writing and report all
breaches to the Federal Government.
20. HIPAA: Never discuss Protected Health Information where
others can hear you, such as hallways, lunch rooms, or elevators. You
are obligated to protect patient/customer privacy and any other
confidential information when you see or hear a breach occurring by
reporting this to someone who can advocate for the patient/customer.
This includes unauthorized use, duplication, disclosure, or
dissemination of Protected Health Information.
21. Your responsibility doesn't end on your shift: Don't divulge
patient/customer or employee information at your church, school,
college, home, the shopping mall, or in other social settings.
22. There is an exception for every rule: Certain situations
allow disclosure without prior written consent. For example: Medical
emergencies. Reporting communicable disease information to the
health department. Reporting child or elderly/vulnerable adult abuse.
For litigation activities. Always check with your supervisor if
you're not sure.
23. Confidentiality Agreement: I understand that confidential
information specifically includes, but is not limited to, patient
and proprietary business information, whether written or verbal, or
computerized (including password(s)). I also acknowledge and agree
that any disclosure of, unauthorized use of, or access to
confidential information will cause irreparable harm and loss to
the Health System. As a result, I expressly agree to treat all
confidential information in strict confidence and to undertake the
following obligations with respect to confidential information
Date________________ Name___________________