2. Ways to protect the privacy and security of
confidential and protected health
information
To recognize situations in which confidential
and protected health information can be
mishandled
That employees are held responsible for their
actions
HIPAA identifiers which create protected
health information (PHI)
3. It is the responsibility of every employee to
protect the privacy and security of sensitive
information in all forms.
Sensitive information comes in several forms:
Electronic
Spoken
Printed
4. Examples of sensitive information include the
following:
Personnel information
Computer Passwords
Driver’s License Numbers
Credit Card Numbers
Social Security Numbers
Without protection of the above, the risk of
identity theft and invasion of privacy is greater.
5. Access to medical records must be
authorized.
If an employee accesses or discloses PHI
without a patient’s written authorization or
without a job-related reason for doing so, the
employee violates HIPAA.
An employee may only access or disclose a
patient’s PHI when this access is part of the
employee’s job duties.
6. An employee can never look at PHI out of
curiosity.
It also makes no difference if the person is a
family member or close friend; all
information is entitled to the same
protection.
7. Employees must report HIPAA breaches as
part of their responsibility as an employee.
Privacy or security breaches involving PHI
should be reported to your supervisor.
There are serious ramifications for all
breaches.
The cost is $50,000 per incident, $50,000 to
$250,000 in fines and up to 10 years in prison.
8. Individual rights for each patient include:
Receive a copy of the practice’s Notice of
Privacy Practices
Request restrictions and confidential
communications of their PHI
Inspect their healthcare records
File a complaint
9. Patients must sign an authorization form
before their PHI may be released by the
practice to outside parties such as a life
insurer, a bank or a marketing firm.
HIPAA permits use of PHI for:
Providing medical treatment
Processing healthcare payments
Conducting healthcare business operations
10. CCHS is required to have safeguards to
protect the privacy of PHI.
Safeguards protect PHI from accidental or
intentional unauthorized use.
Limit accidental disclosures (discussions in
hallways)
Include document shredding, locking doors,
locking file storage areas and using passwords and
codes for access.
11. CCHS safeguards sensitive information by
ensuring the following:
Keeps browser updated and uses security settings
Uses security software
Takes extra precaution when downloading
software
12. Many security breaches come from within the
organization and many of these occur
because of poor password habits.
Use strong passwords (at least 8 characters with
a combination of letters and numbers)
Change passwords frequently
13. Be aware of your surroundings and use
caution.
Do not discuss sensitive information or PHI in
public areas.
14. Keep passwords secret and don’t allow others access
to your computer.
Keep notes in a secure place and don’t leave them in
open areas.
Hold discussions of PHI in private areas and for job-
related reasons only.
Ensure that sensitive information is secure in mailings.
Follow procedures for proper disposal of PHI such as
shredding.
When sending emails, do not include PHI unless
written approval is received and the computer is
encrypted.