This document provides an overview of the HIPAA privacy laws. It explains that HIPAA protects patients' personal health information and medical records. Entities like hospitals and insurance companies must follow HIPAA rules. Violating patient privacy can result in fines or imprisonment. Examples of violations include discussing patients without consent or accessing records without authorization. The document provides scenarios and advises covered entities to only access necessary information and report any privacy breaches.
Patient confidentiality
1. Respecting Privacy Laws and Patient Confidentiality
Excellence in Action
2. Objectives of this Presentation
To explain the HIPAA Law and its
background, including:
What information is protected
Who is required to follow HIPAA Laws
Consequences for violating patient privacy
Examples of HIPAA violations
How to remain in compliance with the laws
Reporting breaches of privacy
To provide scenarios for deeper understanding of
the law
4. HIPAA
The Health Insurance
Portability and
Accountability Act
HIPAA protects:
Security and privacy of all medical
records
Health information used or shared in
any form
Patients’ rights
Gives patients access to their
information and control over its use
What is at stake:
Privacy of care
Security of personal health information
(PHI) to avoid medical identity theft
Electronic health records
Computerized physician orders
5. HIPAA Protects Personal Health Information (PHI)
PHI is information that
relates to:
Patients’ health
Care provided to patients
Payment for care provided
Information that can be
used to identify the patient
Name
Address
Birthday
Social security number
Medical record number
PHI is protected in every
form
Spoken
Electronic
Written
Any PHI must be kept
confidential unless
authorized by the patient
or someone acting on
patient’s behalf
Unless permitted by HIPAA
6. Covered
Entities
Entities required by law
to follow HIPAA rules
Facilities that provide or bill for
medical care and services
Hospitals
Nursing (long-term or geriatric)
facilities
Physician offices
Organizations that pay for care or
process care financial and
administrative information
Insurance/claims/billing companies
Health care clearing houses
Associates and administrators working
for these organizations
7. Consequences for Violating HIPAA Rules
Termination
Suspension
Criminal penalties
$50,000-$1.5 million fines
Up to 10 years of
imprisonment
Civil penalties
Fines ranging from $100-
$25,000 per violation
More fines for multiple-year
violations
8. Examples of HIPAA Violations
Insurance Companies
Insurance companies need to access PHI to process claims
Sharing this information with a patient’s employer would be a violation of HIPAA regulations
Employers do not need to know patients’ PHI
Laboratory Technicians
Physicians and nurses need full access to patients’ health records to provide care
Lab technicians only need to perform tests the physicians ordered
Looking into the patients’ PHI would violate HIPAA rules
9. Examples of HIPAA Violations
Physicians and Nurses
Using their position to access records they do not need to do their job
Accessing coworkers’ records
Accessing records of celebrities
Accessing PHI of family members they are not treating
Accessing records for personal gain
To gossip
Curiosity
Everyone wants medical privacy
10. Scenario 1: The Intern
Anna is an intern at the University of Idaho’s Pain Clinic. She does not have access to medical information but sees patients and hears about their medical conditions. Can she discuss these patients with her coworkers, friends, or family?
To follow the HIPAA privacy rules, Anna cannot discuss any patient information with anyone unless it is required for her job. However, Anna can talk with others about the patients if she omits information that personally identifies the patients.
11. Scenario 2: The Celebrity
Chris, a nurse in Overlake Hospital’s Emergency Department, just saw Oprah Winfrey enter the hospital with intense abdominal pain. He wants to check on the celebrity so he can tell his friends why she was admitted. Can Chris ask his friend Sandy (in admitting) to look up Oprah’s room number?
Under HIPAA, checking on Oprah would be a breach of privacy. Knowledge of Oprah’s medical condition is not required for Chris to perform his job duties, and he is only interested in her condition for personal gain.
How would Chris feel if everyone gossiped about his abdominal pain?
12. Respecting Patient Privacy
To remain in compliance with HIPAA laws:
Healthcare providers should give patients a Notice of Privacy
Practices (NOPP)
Illustrates how the care provider will use the patients’ PHI
Tells patients their privacy rights
Allows PHI to be used for treatment, payment, and operations
Covered entities must only access the minimum amount of
PHI necessary to perform their job duties
13. Respecting Patient Privacy
Ways to protect PHI include:
Being aware of your surroundings when talking about PHI
Leaving telephone messages that include no PHI
Ask yourself, “What if people were discussing my PHI like
this?”
Check work areas to ensure no PHI is left unattended
Seal envelopes very well before sending
Dispose of PHI in secured bins for destruction
On the computer
Use (and regularly reset) passwords
Do not leave computer unattended
14. Examples of Privacy Breaches
Talking too loudly in
public areas
Emails or faxes sent to
the wrong person,
address, or phone
number
Failure to log off of
computers (allowing
others to access
database)
Loss, theft, or improper
disposal of items
containing PHI
Paper, mail
Films, charts
CDs, flash drives
Unprotected computer
systems being hacked
into
16. Reporting HIPAA Violations
Report Immediately
Report to your direct supervisor:
Stolen or missing devices containing PHI
Suspicious behavior
State laws require that privacy breach incidents be reported to the state’s Department of Public Health within a few days
No Retaliation for Reporting
Under HIPAA, covered entities cannot retaliate against employees for reporting privacy breaches
17. Resources
HBVideocast. (n.d.). “Health Information Privacy”. Retrieved August 2, 2013 from http://www.youtube.com/watch?v=TSvh5kkZskU.
The Regents of University of California. (2011). “HIPAA 101: Privacy and Security Training”. Retrieved August 2, 2013 from http://hipaa.ucsf.edu/education/downloads/HIPAA101Training.pdf.
U.S. Department of Health and Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved August 2, 2013 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/.