1. By Aminah Allen
MHA 690 Healthcare Capstone
Instructor: Hwang-Ji Lu

2.  This training is designed for all staff members
and conducted at least annually, especially
when staff has access to patient information, so
staff knows that there can be serious
consequences for violating a patient’s privacy

3.  All staff members will be trained and tested on
HIPPA rules and regulations
 Annual training and testing includes having
employees be provided with a copy of HIPPA
rules and regulations and have them sign a
copy for their files, conduct an interactive
discussion or even role play, and lecture.

4.  The Office for Civil Rights enforces the HIPAA
Privacy Rule, which protects the privacy of
individually identifiable health information; the
HIPAA Security Rule, which sets national
standards for the security of electronic protected
health information; the HIPAA Breach Notification
Rule, which requires covered entities and business
associates to provide notification following a
breach of unsecured protected health information;
and the confidentiality provisions of the Patient
Safety Rule, which protect identifiable information
being used to analyze patient safety events and
improve patient safety.

5.  Confidentiality means that you cannot share a
patient's information with any other person in
either verbal or written form. Information
learned during the course of treatment that is
material to that treatment is protected by
confidentiality laws. Disclosure of such
information could be construed as a breach of a
patient's privacy.
 Medical records – Any record that identifies
the mental, physical, or emotional health of an
individual

6.  UCLA hospital patients have the right to have
communications involving their health to be on
a need to know basis.
 Only those authorized to have access (i.e. those
who need it for treatment, payment, or any
other healthcare service) should have access.

7. Federal HIPPA laws are superimposed on state
confidentiality laws. Federal laws usually
supersede state laws, but state law still may
prevail if it is more strict.

8. HIPAA protects all personally identifiable
health information. It includes all information
that identifies, or could reasonably be used to
identify, a patient regardless of medium
employed. Although originally envisaged as a
regulator of electronic health records (EHR), it
applies to paper records and verbal
communication as well.

9.  Conduct patient interviews in private rooms or
areas
 Never discuss cases or use patients' names in a
public area
 If a staff member or health care worker
requests patient information, establish his or
her authority to do so before disclosing
anything
 Keep records that contain patient names and
other identifying information in closed, locked
files

10.  Restrict access to electronic databases to
designated staff
 Carefully protect computer passwords or keys;
never give them to unauthorized persons
 Carefully safeguard computer screens
 Keep computers in a locked or restricted area;
physically or electronically lock the hard disk
 Keep printouts of electronic information in a
restricted or locked area; printouts that are no
longer needed should be destroyed

11. HIPPA VIOLATION MINIMUM PENALTY MAXIMUM PENALTY
Individual did not know
(and by exercising
reasonable diligence
would not have known)
that he/she violated
HIPAA
$100 per violation, with
an annual maximum of
$25,000 for repeat
violations (Note:
maximum that can be
imposed by State
Attorneys General
regardless of the type of
violation)
$50,000 per violation,
with an annual
maximum of $1.5 million
HIPAA violation due to
reasonable cause and not
due to willful neglect
$1,000 per violation,
with an annual
maximum of $100,000
for repeat violations
$50,000 per violation,
with an annual
maximum of $1.5 million
HIPAA violation due to
willful neglect but
violation is corrected
within the required time
period
$10,000 per violation,
with an annual
maximum of $250,000
for repeat violations
$50,000 per violation,
with an annual
maximum of $1.5 million
HIPAA violation is due
to willful neglect and is
$50,000 per violation,
with an annual
$50,000 per violation,
with an annual

12.  Individuals whom "knowingly" obtain or disclose
individually identifiable health information in
violation of the Administrative Simplification
Regulations face a fine of up to $50,000, as well as
imprisonment up to one year. Offenses committed
under false pretenses allow penalties to be
increased to a $100,000 fine, with up to five years
in prison. Finally, offenses committed with the
intent to sell, transfer, or use individually
identifiable health information for commercial
advantage, personal gain or malicious harm permit
fines of $250,000, and imprisonment for up to ten
years.

13.  Safeguarding the privacy and confidentiality of
student information is the responsibility of
everyone in the division.
 Violations can be costly

14.  Johnsun, L. J., J.D., & Weinstock, Frank J,M.D.,
F.A.C.S. (2012). Correct patient privacy and
confidentiality violations. Medical Economics, 89(8),
37-8. Retrieved from
http://search.proquest.com/docview/1021130855
?accountid=32521
 American Medical Association. (nd). HIPPA
Violations and Enforcements. Retrieved from
http://www.ama-assn.org
 U.S. Department of Health & Human Services.
(nd). Health Information Privacy. Retrieved from:
http://www.hhs.gov/ocr/pricacy