RESPECTING PRIVACY LAWS AND PATIENT CONFIDENTIALITY
Excellence in Action
Objectives of this Presentation
• To explain the HIPAA Law and its background, including:
  • What information is protected
  • Who is required to follow HIPAA Laws
  • Consequences for violating patient privacy
  • Examples of HIPAA violations
  • How to remain in compliance with the laws
  • Reporting breaches of privacy
• To provide scenarios for deeper understanding of the law
Introduction to the HIPAA Privacy Laws
HIPAA
The Health Insurance Portability and Accountability Act
• HIPAA protects:
  • Security and privacy of all medical records
  • Health information used or shared in any form
  • Patients’ rights
    • Gives patients access to their information and control over its use
• What is at stake:
  • Privacy of care
  • Security of personal health information (PHI) to avoid medical identity theft
  • Electronic health records
  • Computerized physician orders
HIPAA Protects Personal Health Information (PHI)
• PHI is information that relates to:
  • Patients’ health
  • Care provided to patients
  • Payment for care provided
• Information that can be used to identify the patient
  • Name
  • Address
  • Birthday
  • Social security number
  • Medical record number
• PHI is protected in every form
  • Spoken
  • Electronic
  • Written
• Any PHI must be kept confidential unless authorized by the patient or someone acting on patient’s behalf
  • Unless permitted by HIPAA
Covered Entities
Entities required by law to follow HIPAA rules
• Facilities that provide or bill for medical care and services
  • Hospitals
  • Nursing (long-term or geriatric) facilities
  • Physician offices
• Organizations that pay for care or process care financial and administrative information
  • Insurance/claims/billing companies
  • Health care clearing houses
• Associates and administrators working for these organizations
Consequences for Violating HIPAA Rules
• Termination
• Suspension
• Criminal penalties
  • $50,000-$1.5 million fines
  • Up to 10 years of imprisonment
• Civil penalties
  • Fines ranging from $100-$25,000 per violation
  • More fines for multiple-year violations
Examples of HIPAA Violations
Insurance Companies
• Insurance companies need to access PHI to process claims
• Sharing this information with a patient’s employer would be a violation of HIPAA regulations
  • Employers do not need to know patients’ PHI
Laboratory Technicians
• Physicians and nurses need full access to patients’ health records to provide care
• Lab technicians only need to perform tests the physicians ordered
  • Looking into the patients’ PHI would violate HIPAA rules
Examples of HIPAA Violations
Physicians and Nurses
Everyone wants medical privacy
• Using their position to access records they do not need to do their job
  • Accessing coworkers’ records
  • Accessing records of celebrities
  • Accessing PHI of family members they are not treating
• Accessing records for personal gain
  • To gossip
  • Curiosity
Scenario 1: The Intern
• Anna is an intern at the University of Idaho’s Pain Clinic. She does not have access to medical information but sees patients and hears about their medical conditions. Can she discuss these patients with her coworkers, friends, or family?
• To follow the HIPAA privacy rules, Anna cannot discuss any patient information with anyone unless it is required for her job.
• However, Anna can talk with others about the patients if she omits information that personally identifies the patients.
Scenario 2: The Celebrity
• Chris, a nurse in Overlake Hospital’s Emergency Department, just saw Oprah Winfrey enter the hospital with intense abdominal pain. He wants to check on the celebrity so he can tell his friends why she was admitted. Can Chris ask his friend Sandy (in admitting) to look up Oprah’s room number?
• Under HIPAA, checking on Oprah would be a breach of privacy. Knowledge of Oprah’s medical condition is not required for Chris to perform his job duties, and he is only interested in her condition for personal gain.
• How would Chris feel if everyone gossiped about his abdominal pain?
Respecting Patient Privacy
• To remain in compliance with HIPAA laws:
  • Healthcare providers should give patients a Notice of Privacy Practices (NOPP)
    • Illustrates how the care provider will use the patients’ PHI
    • Tells patients their privacy rights
    • Allows PHI to be used for treatment, payment, and operations
  • Covered entities must only access the minimum amount of PHI necessary to perform their job duties
Respecting Patient Privacy
• Ways to protect PHI include:
  • Being aware of your surroundings when talking about PHI
  • Leaving telephone messages that include no PHI
  • Ask yourself, “What if people were discussing my PHI like this?”
  • Check work areas to ensure no PHI is left unattended
  • Seal envelopes very well before sending
  • Dispose of PHI in secured bins for destruction
• On the computer
  • Use (and regularly reset) passwords
  • Do not leave computer unattended
Examples of Privacy Breaches
• Talking too loudly in public areas
• Emails or faxes sent to the wrong person, address, or phone number
• Failure to log off of computers (allowing others to access database)
• Loss, theft, or improper disposal of items containing PHI
  • Paper, mail
  • Films, charts
  • CDs, flash drives
• Unprotected computer systems being hacked into
HIPAA Breaches Nationwide
Reporting HIPAA Violations
Report Immediately
• Report to your direct supervisor:
  • Stolen or missing devices containing PHI
  • Suspicious behavior
• State laws require that privacy breach incidents be reported to the state’s Department of Public Health within a few days
No Retaliation for Reporting
• Under HIPAA, covered entities cannot retaliate against employees for reporting privacy breaches
Resources
• HBVideocast. (n.d.). “Health Information Privacy”. Retrieved August 2, 2013 from http://www.youtube.com/watch?v=TSvh5kkZskU.
• The Regents of University of California. (2011). “HIPAA 101: Privacy and Security Training”. Retrieved August 2, 2013 from http://hipaa.ucsf.edu/education/downloads/HIPAA101Training.pdf.
• U.S. Department of Health and Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved August 2, 2013 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/.
