Hippa

What does Confidentiality Mean in the Workplace?

Healthcare Capstone MHA 690

Transcript of Hippa

Page 1: Hippa

What does Confidentiality Mean in the Workplace?

Page 2: Hippa

What is HIPAA?

Why is HIPAA important?

Who is covered under HIPAA?

What information is covered under HIPAA?

What does HIPAA security imply?

What are the disciplinary actions, both HIPAA’s penalties and organizational penalties, to be taken if HIPAA is not followed?

Page 3: Hippa

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 as a way to acknowledge and deal with concerns regarding confidential health information.

The purpose of HIPAA is to ensure that the privacy of personal health information (PHI) is protected

HIPAA protects electronic health information transactions by providing uniform standards

HIPAA is a way to combat fraud and theft of personal health information within the healthcare industry

Page 4: Hippa

The healthcare industry has begun using electronic medical records to make care more efficient

Most information breaches happen within healthcare organizations

Employees need to understand what is considered proper use of patient information

Page 5: Hippa

HIPAA applies to what is called a covered entity; covered entities include: Health Plans, Healthcare Clearing Houses and Healthcare providers

Health plans are those organizations that provide or pay for healthcare services. Examples of health plans include: insurance companies, Medicare and Medicaid

Healthcare Clearing Houses are organizations that process healthcare information. Examples of these services are both billing and transcription.

Healthcare providers are those that provide healthcare services such as physicians, pharmacies and hospitals. These individuals or organizations become a covered entity when they transfer PHI/

Page 6: Hippa

Patient Health Information (PHI) is covered under HIPAA

PHI is any information that relates to the physical or mental health of the patient in the past, present or future. This includes information for payment or any other provisions as part of healthcare.

PHI can also identify patients in what is considered a personal fashion.

PHI is either created by the covered entity or received by the covered entity in order to properly care for the patient.

Page 7: Hippa

PHI is considered medical records and anything contained in those records such as insurance information, prescriptions and billing information. This can either be paper or electronic form.

PHI is normally found in patient charts, EMR programs, faxes between providers, emails and even in oral communication.

Page 8: Hippa

Those who may have access to PHI are those directly caring for the patient such as physicians, nurses and other clinical personnel

Those also working in the healthcare organization without direct patient contact such as housekeeping personnel, security and IT services

Those who bill for healthcare services or transcribe reports will have access to pertinent information

Those using diagnostic information for research may also have access to PHI

Page 9: Hippa

Patients have the right to obtain and amend their PHI. This includes requesting restrictions on use, requesting an increase in confidential communications, receiving a listing of disclosures and reporting a violation.

Patients have a right to know how PHI is used and who it is disclosed to.

Patients have the right to receive the Notice of Privacy Practices for their healthcare provider.

Some entities have special coverage rules when it applies to marketing and fundraising

Administrative measures must detail record keeping and procedure compliance.

Page 10: Hippa

The hospital will comply with the terms of compliance as enforced by the Department of Health and Human Services

If a complaint is made, an investigation will follow and disciplinary action will be taken.

All organizations that are considered covered entities must have a process in place for investigating complaints. All complaints must be handled in the same fashion and organizations are prohibited from taking any type of retaliation against those that file complaints.

Page 11: Hippa

Federal Punishment Guidelines: Fines start at $100 for civil penalties and can reach up to $25,000 per year; criminal penalties may reach up to 10 years in prison and $250,000

Those that are found to have improperly used or accessed PHI can be fined under the federal law and will be disciplined as found appropriate by the healthcare organization.

Page 12: Hippa

Misuse is considered accessing PHI for a patient that is not under your care

Accessing information of a patient under your care, but that is not pertinent to completing your job, such as a nurse accessing insurance or personal information of a patient admitted to the hospital

Accessing PHI using someone else’s work station or password

Unauthorized access to patient e-mails

Selling or forwarding PHI to organizations or individuals that have not been authorized by the healthcare provider or the patient

Page 13: Hippa

If you have to question whether your actions are right or wrong, DON’T TAKE ACTION! Contact your supervisor with any questions. It is important not to assume your actions are correct; if a question arises, it is safer to ask first and act second.