HIPAA is a federal law that protects patient privacy and confidentiality of personal health information. It requires securing electronic and physical medical records and protects patient rights regarding their health data. Maintaining privacy is important ethically and to prevent identity theft. Protected health information includes a patient's clinical records, demographics, and identifiers. Staff must only access the minimum necessary information needed for their jobs and protect it from improper disclosure, such as by securing documents and avoiding unnecessary conversations about patients. Violating HIPAA can result in disciplinary action up to termination and civil or criminal penalties.
HIPAA & Patient Confidentiality
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act, a federal law that:
Protects the privacy of patients' personal health information (PHI)
Provides for the electronic security of PHI
Provides for the physical security of PHI
Protects patients' rights with regard to their health information
Why are Privacy and Security Important?
State and federal laws require that patient records be kept confidential
Widespread use of electronic information systems increases the chance of unintentional disclosure and makes intentional misuse easier
Keeping PHI confidential protects patients against identity theft and fraud
Maintaining patient privacy is the ethical thing to do
What is Protected Health Information (PHI)?
PHI includes all written, oral, and electronic information about a patient
It includes:
The patient's clinical information
Patient identifiers
Patient demographics
Any other personal information or identifiers (e.g. driver's license, insurance information, photos, etc.)
Where is PHI located?
Written and electronic medical records
Diagnostic reports
Billing records
Prescriptions, wristbands, labeled I.V. solutions
Virtually anywhere inside a healthcare organization
How do you use PHI?
Only to do your job
Only in accordance with HIPAA laws
Even then…
Use only the "Minimum Necessary" amount of information needed to do your job
(For example, an admissions clerk does not need lab results to admit a patient)
How do you protect the patient's PHI?
Dispose of PHI properly: shred it, DON'T throw it in the trash
Use caution when faxing PHI: confirm the fax number before sending, and confirm the receiver is available to retrieve the fax immediately
Do not use e-mail to send PHI
Lock doors in secure areas
Speak quietly when discussing patient information so that others cannot overhear
How do you protect the patient's PHI? (continued)
Avoid conversations about patients outside the work area
Avoid using patient names and identifiers in conversation when possible
Secure PHI at the end of the work day (log off computers, lock written documents in drawers or cabinets)
Never leave sensitive information on voicemails or answering machines
Never access PHI beyond the information specifically needed to do your job
Never access the PHI of friends, relatives, or any other individual unless it is necessary to do your job and you have proper authorization in accordance with hospital policy
What are the consequences of violating HIPAA and Patient Confidentiality?
Disciplinary action up to and possibly including termination. The breach will be reported to the patient and to the Department of Health and Human Services
You may be individually subject to civil penalties, tiered by the level of culpability:
Violations you did not know about (and could not reasonably have known about): $100 per violation, not to exceed $25,000
Violations due to reasonable cause: $1,000 per violation, not to exceed $100,000
Violations due to willful neglect that is corrected: $10,000 per violation, not to exceed $250,000
Violations due to willful neglect that is not corrected: $50,000 per violation, not to exceed $1.5 million
What are the consequences of violating HIPAA and Patient Confidentiality? (continued)
You may be individually subject to criminal penalties for knowingly using, obtaining, or disclosing PHI. Criminal penalties include:
Fines up to $50,000, imprisonment up to 1 year, or both
For offenses committed under false pretenses: fines up to $100,000, imprisonment up to 5 years, or both
For offenses committed with intent to sell, transfer, or use PHI for commercial advantage, personal gain, or malicious harm: fines up to $250,000, imprisonment up to 10 years, or both