ConfidentialityMHA690: Health Care Capstone

Ryan L. Ulibarri9-26-2013

Report: Over 120 UCLA hospital staff saw celebrity health records (2008)

IntroductionPatient ConfidentialityImportance of Patient

Confidentiality HIPAA Maintaining ConfidentialityDisplay ActionsConclusion

In recent years, other laws, especially the Health Insurance Portability and Accountability Act (HIPAA), have had serious impact on the administration of these plans by, among other things, implementing privacy and related requirements with respect to personal health information of plan participants.

(Wolper 2011, p. 268)

Patient Confidentiality AMA's Code of Medical Ethics states that the information disclosed to a physician during the

course of the patient-physician relationship is confidential to the utmost degree. The legal basis for imposing liability for a breach of confidentiality is more extensive than

ethical guidelines, which dictate the morally right thing to do. This agreement allows the patient to feel free and easy no confidential medical information

will be disclosed or looked at without the patients express consent unless required to disclose the information by law.

A breach of confidentiality is a disclosure to a third party, without patient consent or court order, of private information that the physician has learned within the patient-physician relationship.

Physicians should set up office procedures to prevent the release of medical records without a copy of the patient's release.

Do not release patients medical records to any 3rd parties in any case unless the patient has the proper documents allowing to do that, this will can otherwise lead to breach of confidentiality.

Any breach in confidentiality—even one that seems minor—can result in mistrust and, possibly, a lawsuit and/or disciplinary action.

Patient Confidentiality. (“n.d.”). Retrieved September 25, 2013, from http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/patient-confidentiality.page

Importance of Confidentiality

Physicians have always had a duty to keep their patients' medical records Confidential.

Physicians, Nurses, and office personal should inform patients of the limits of confidentiality protections and allow the patients to decide whether treatment outweighs the risk of the disclosure of sensitive information.

Protecting patients personal information needs to be a mission to hospitals and all its staff to provide the best patient experiences possible.

HIPAAHealth Insurance Portability and Accountability Act

Passed in 1996 by Congress

The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.

Mandates industry-wide standards for health care information on electronic billing and other processes.

Requires the protection and confidential handling of protected health information.

All personal who handles patient records of any kind need to be educated on HIPPA compliances.

HIPPA requirements are enforced by the Office for Civil Rights, an agency within the US Department of Health and Human Services.

Health Insurance Portability and Accountability Act. (2013). Retrieved September 24, 2013, from http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%20WhatisHIPAA.aspx

Maintaining Confidentiality Protection of Individually Identifiable Health Information (PHI)

All information contained in patient medical and billing records is confidential regardless of format; print, audio, electronic display or storage.

Hospitals need to inform patients of the current laws regarding Privacy Practices.

Violation of patient information and confidentiality standards, whether intentional or unintentional, will be subject to disciplinary actions.

All employees shall receive information and training concerning the standards for Confidentiality of Patient Information and HIPAA in annual mandatory education training.

Healthcare organizations need to implement role-based access control measures and processes for ensuring compliance measures within their organizations to not allow medical records to be viewed by non authorized personnel.

Maintaining ConfidentialityContinued

Safeguards Make sure you log off computer when leaving your area. Dispose paper in proper confidential bins to throw away. Position computer screens so patient information is not visible

to passerby Locate printers and fax machines in secure areas. Never take home patient information home unless it is

approved. Do not discuss a patients medical history to other employees. A key thing to remember, patients need to feel confident their

medical records are confidential – ‘they trust you’.

Display Actions All personnel members need to trained on the Privacy and

Security Polices and Procedures to the level appropriate for their job responsibilities and training must be documented.

All new hires need to be provided training during their hiring and orientation process.

All employees need to sign a Confidentiality Agreement which will be stored in their company Human Resource Department.

All employees shall receive information and training concerning the standards for Confidentiality of Patient Information and HIPAA in annual mandatory education training.

All employees shall receive information and training concerning the standards for Confidentiality of Patient Information and HIPAA in annual mandatory education training.

ConclusionA breach of patient confidential information, whether intentional or unintentional needs to be subject to disciplinary actions. UCLA like so many health care organizations have little real information on the number of people within their organizations that have access to electronic medical records, and even less information on those who might have actually accessed those records. This is a major problem and the case against UCLA personnel in 2008 created organizations to implement role-based access control measures and processes for ensuring compliance to maintaining confidentiality of patient information. As shared by Wolper (2011), “In general, the Privacy Rule comprises five key principles: (1) consumer control, (2) the setting of boundaries, (3) accountability, (4) public responsibility, and (5) security’ (p. 390).

ReferencesHealth Insurance Portability and Accountability Act. (2013). Retrieved September 24, 2013, from http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%20WhatisHIPAA.aspx

Patient Confidentiality. (“n.d.”). Retrieved September 25, 2013, from http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/patient-confidentiality.page

Wolper, L.F. (2011). Health care administration: Managing organized delivery systems (5th ed.). Sudbury, MA: Jones and Bartlett Publishers