HIPAA is a federal law that protects patient privacy and confidentiality of personal health information. It requires securing electronic and physical medical records and protects patient rights regarding their health data. Maintaining privacy is important ethically and to prevent identity theft. Protected health information includes a patient's clinical records, demographics, and identifiers. Staff must only access the minimum necessary information needed for their jobs and protect it from improper disclosure, such as by securing documents and avoiding unnecessary conversations about patients. Violating HIPAA can result in disciplinary action up to termination and civil or criminal penalties.

1. HIPAA &Patient Confidentiality

2. HIPAA &Patient Confidentiality
What is HIPAA?
 HIPAA is the Health Insurance Portability and
Accountability Act, a federal law that:
 Protects patient privacy of personal health information
(PHI)
 Provides for the electronic security of PHI
 Provides for the physical security of PHI
 Protects patient rights in regard to their health
information

3. HIPAA &Patient Confidentiality
Why is Privacy and Security Important?
 State and Federal laws require patient record are kept
confidential
 Common use of electronic information systems
increases possibility of unintentional disclosure and
easy access for intentional misuse
 To protect against identity theft and fraud
 Maintaining patient privacy is the ethical thing to do

4. HIPAA &Patient Confidentiality
What is Protected Health Information (PHI)
 PHI includes all written, oral and electronic
information about a patient
 It includes:
 Patients clinical information
 Patient identifiers
 Patient demographics
 Any other personal information or identifiers (i.e.
drivers license, insurance information, photos, etc.)

5. HIPAA &Patient Confidentiality
Where is PHI located?
 Written and electronic medical records
 Diagnostic reports
 Billing records
 Prescriptions, wristbands, labeled I.V. solutions
 Virtually anywhere inside a healthcare
organization

6. HIPAA &Patient Confidentiality
How do you use PHI?
 Only to do your job
 Only in accordance with HIPAA laws
 Even then…
 Use only the “Minimum Necessary” amount of
information needed to do your job
(For example, an admissions clerk does not need
lab results to admit a patient)

7. HIPAA &Patient Confidentiality
How do you protect the patient’s PHI?
 Dispose of PHI properly – shred, DON’T trash
 Use caution when Faxing PHI – confirm fax
numbers and confirm receiver is available to
retrieve immediately
 Do not use e-mail to send PHI
 Lock doors in secure areas
 Secure PHI by speaking quietly when discussing
patient information

8. HIPAA &Patient Confidentiality
How do you protect the patient’s PHI?
 Avoid conversations about patients outside work area
 Avoid use of patient names and identifiers in conversation when
possible
 Secure PHI at the end of a work day (log off computers, secure
written documents in locked drawers or cabinets)
 Never leave sensitive information on voicemails or
answering machines
 Never access PHI except for information specifically
needed to do your job
 Never access the PHI of friends, relatives, or any other
individual unless necessary to do your job and without
proper authorization in accordance with hospital policy

9. HIPAA &Patient Confidentiality
What are the consequences of violating HIPAA and Patient
Confidentiality?
 Disciplinary action up to and possibly including
termination. Breach will be reported to the patient & the
Department of Health and Human Services
 You may be individually subject to civil penalties:
 $100/violation not to exceed $25,000 for violations without
cause
 $1,000/violation not to exceed $100,000 for violations based
on reasonable cause
 In cases of willful neglect, fines from $10,000 to $250,000.
 In cases of willful neglect that is not corrected, fines $50,000
per violation up to $1.5 million

10. HIPAA &Patient Confidentiality
What are the consequences of violating HIPAA and
Patient Confidentiality?
 You may be individually subject to criminal penalties
for knowingly using, obtaining, or disclosing PHI.
Criminal penalties include:
 Fines up to $50,000, imprisonment up to 1 year, or both
 Offenses committed under false pretenses, fines up to
$100,000, imprisonment up to 5 years, or both
 Offenses committed with intent to sell, transfer, or use PHI
for commercial advantage, personal gain or malicious harm,
fines up to $250,000, imprisonment up to 10 years, or both

11. HIPAA &Patient Confidentiality
Questions or concerns regarding
HIPAA or use of PHI should
be directed to your supervisor
or the Compliance Department

12. HIPAA &Patient Confidentiality
Protect your
patient’s privacy
and protect
yourself!

13. HIPAA &Patient Confidentiality

14. HIPAA &Patient Confidentiality
References
http://iwww.arh.org/mainsite/Compliance_
HIPAA
Wolper, L.F. (2011). Health care
administration: Managing organized delivery
systems (5th ed.). Boston: Jones and Bartlett.
www.hhs.gov/ocr/hipaa/