The document discusses training employees on patient confidentiality and the HIPAA Privacy Rule. It defines covered entities as health providers, health plans, and clearinghouses that are required to protect personal health information. Protected health information cannot be disclosed without patient authorization, and breaches of confidentiality are only allowed to facilitate treatment or operations with consent. The HIPAA Privacy Rule enforces penalties for violations, and sensitive patient information requires security controls like only accessing authorized information and not discussing cases in public areas.

1. Training for Employees

2. Patient Confidentiality

3. HIPAA Privacy Rule
 The HIPAA privacy rule provides protection
of personal health information held by
covered entities and gives patients an array
of rights with respect to that information
(DHS, 2012).
 Health information cannot be used or
disclosed without proper authorization by
the patient or legal guardian for minors.

4. Covered entities
 Covered entities are health care providers, health
plans, and a healthcare clearinghouse.
 Health care providers are doctors, clinics,
psychologists, dentists, chiropractors, and other health
care professionals.

5. HIPAA Privacy Rule

6. Protected Health Information
 The privacy rule protects all “individually
identifiable health information” held or
transmitted by a covered entity in any form
or media, whether electronic, paper, or oral
(DHS, 2012).
 The principle behind the privacy rule is to
limit the use and disclosure of PHI .

7. Breach of Confidentiality
 A breach of confidentiality is a disclosure of
information to a third party without patient
consent or court order (AMA, 2012).
 Patient information can only be released
with patient’s consent in writing or verbal.
 HIPAA consider the release without
authorization only to facilitate treatment or
health care operations (AMA, 2012).

8. Enforcement and Penalties
 HHS (2003) impose civil penalty of $100 per
failure and may not exceed $25,000 per year .
 Criminal penalties of $50,000 and up to one
year imprisonment for HIPAA violations,
$100,000 with five years for false pretenses,
and $250,000 with ten years for using,
selling of PHI.

9. Safeguarding and Security
 Sensitive patient information should have
security controls.
 Staff should turn off or log off when not
using the computer.
 Patient information should not be discussed
on hallways or elevators.
 Access of information should be according
to the work involved.