C. Gibbs MHA 690 week 1 discussion 2


General Hospital: Protecting Patient Privacy and Confidentiality

Cassandra Gibbs, MHA 690

Week 1 Discussion 2, 1/7/2015

Defining the Issues

• Patient Privacy – Keeping all personal information [as outlined in federal law] safe in conversation, HIE, messaging, and security of EHRs

• Confidentiality – Limiting disclosure of when or how private information is shared; especially without prior permission from the patient

• Breach – Accessing, utilizing, disclosing, or acquiring protected health information that threatens its security [intentional or not]

Who it Involves

• Health care management

• All staff employed by the facility

• Employers

• Insurers and other third parties

• Patients

• Providers

• Medical researchers

Positive Promotions

• Compliance with Federal laws

• Patient trust and satisfaction

• Accountability

• Patient safety

• Enhanced reputation

• Due diligence

• Reduction in medical error

Federal Laws

• Privacy Act of 1974 – access of records, limiting disclosure of private information

• Health Insurance Portability and Accountability Act of 1996; Privacy Rule of 2000 – guidelines for privacy rights and rule violations

• HIPAA Security Rule – technical, physical, and administrative security compliance

• Federal Trade Commission: Health Breach Notification Rule – prompt notification to victims of a breach

• HITECH Act of 2009 – HIT meaningful use adoption

Current Violations/Penalties [per incident]

Civil

• Unintentional: $100 (min); $25,000 (repeat); $50,000 (max)

• Reasonable cause: $1,000 (min); $100,000 (repeat); $50,000 – $1.5 mil (max)

• Willful neglect [corrected]: $10,000 (min); $250,000 (repeat); $50,000 – $1.5 mil (max)

• Willful neglect [uncorrected]: $50,000 (min); $1.5 mil (annual max)

Criminal

• Imprisonment from one to 10 years depending on the prior knowledge and severity of the violation

Quick Facts

• Employees commit the majority of data breaches

• Up to 37% search for medical information on fellow employees

• More than 25% research PHI of family members or friends without authorization

• Viruses and outdated security account for other major areas of data breach

What We Can Do: Confidentiality/Privacy

• Secure usernames and passwords

• Protect other online accessible devices

• Log out of all servers

• Encrypt all files and block personal identifiers

• Never send more than what is needed

What We Can Do: Security

• Shred and destroy all unused or outdated documents

• Make sure antivirus software and definitions are up to date

• Do not reveal computer screens to the public

• Store hardware not in use in a secure location

• Ask for identification from unfamiliar personnel

• Report! Report! Report! (any suspicious activity)

What We Can Do: Electronic Information

• Do not alter or delete information in PHI unless authorized

• Never share, save, or store passwords for any reason

• Do not give work computer access to non-employees

• Do not open unknown emails or attachments

• Only use approved servers for email and other communications containing PHI

Monitoring

• Should be continuous

• Abide by Security Management Process (per HIPAA & HITECH)

• Continue education and training of staff to remain current

• Create internal policies and provisions for disciplinary action if needed
