This document discusses privacy and confidentiality in healthcare. It defines what information needs protection, such as names, addresses, medical records, and social security numbers. A breach is an impermissible disclosure of private health information. Factors that determine if a breach occurred include what information was involved, who accessed it, if it was actually viewed, and how the risk was mitigated. Healthcare organizations should provide training to educate employees on privacy laws and tools to keep information secure. Common breach types and how to internally report suspected breaches are also reviewed. Effective privacy training is critical for protecting patients and avoiding legal risks.
2. Table of Contents
Introduction to privacy and confidentiality
Healthcare provider's role
What information needs to be protected
Definition of breach
Factors to confirm when a breach is suspected
Tools providers can use to keep information safe
Most common breach types in the US
How to report a breach
You don’t know what you don’t know
References
3. Privacy and Confidentiality
As healthcare professionals, privacy and
confidentiality of patient information should be one
of our top priorities. Protecting patient health
information is a critical and pivotal role in providing
high quality care. Understanding how to protect
patient information is a very important skill set that
every healthcare provider must understand and
master. This training module is aimed to assist
healthcare professionals in protecting private patient
health information.
4. What is considered private information?
Name and Address
Health Background
Previous Healthcare Providers
Birthday
Social Security Number
Medical Records
Ethnic Origin
Test results and X-rays
Notes Taken by a Doctor or Nurse
Medical Diagnosis
(US Department of Health and Human Services, 2005)
5. Information breach definition
A breach is, generally, an impermissible use or
disclosure under the Privacy Rule that
compromises the security or privacy of the
protected health information.
(U.S. Department of Health and Human Services, 2013)
6. Factors to confirm
The nature and extent of the protected health
information involved.
The unauthorized person who used the protected health
information or to whom the disclosure was made.
Whether the protected health information was actually
acquired or viewed.
The extent to which the risk to the protected health
information has been mitigated.
(U.S. Department of Health and Human Services, 2013)
7. Tools for keeping information safe
(The Office of the National Coordinator, 2012)
8. Most common breach types in the U.S.
(The Office of the National Coordinator, 2012)
9. How to report a potential breach
All healthcare organizations have an internal
compliance and legal department that is available for
employees to access when they have suspected a breach
in patient protected information.
Potential breaches should be reported to immediate
supervisors and then pushed up the correct internal
chain of command.
Investigations will be launched by the internal compliance
team.
Breaches will then be reported to the appropriate state
and federal regulatory agencies.
10. You don’t know what you don’t know
Effective understanding and adequate training for
all employees and clinicians with annual training is
critical. Healthcare organizations must ensure annual
training programs exist from within the company to
educate all new and existing employees on safe and
protected activities related to private patient information.
Effective training and education around privacy and
confidentiality will protect the patient, the organization,
and the employees from potential breaches of private
information, legal risks, loss of employment and even
criminal charges.
11. References
The Office of the National Coordinator Health Information Technologies.
(2012). Keeping Health Information Private and Secure New Initiatives and
Tools. Retrieved from
www.healthit.gov/.../KeepingHealthInformationPrivateSecure.pdf
U.S. Department of Health and Human Services. (2005). Information for
Patients. National Institutes for Health. Retrieved from
http://privacyruleandresearch.nih.gov/patients.asp
U.S. Department of Health and Human Services. (2013). Health Information
Privacy. Breach Notification Rule. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/