Embed Size (px)
Citation preview
INSIDER SNOOPING
Peggy Huff-JohnsonMHA690: Healthcare Capstone
Dr. David ColeJune 30, 2015
INTRODUCTIONInsider Snooping is the most common HIPPA violations where a medical practice’s own employees peek
into the medical records of friends, fellow workers and even celebrities (Chaput, 2014). In the case of
UCLA Hospital in Los Angeles, more than 120 workers snooped into celebrities' medical records and
other personal information without permission between January 2004 and June 2006. The celebrities
that were violated were: Britney Spears, Farrah Fawcett and Maria Shriver. The hospital was blamed for
not taking appropriate steps to maintain patient confidentiality. The violations led to several firings,
suspensions and warnings (Fox News, 2008). This presentation will provide training techniques to avoid
this behavior as well as review HIPPA/HITECH violations.
Training Initiatives that Managers can Implement
First, seek benchmarks from other healthcare organizations’ initiatives. For example, West Virginia University Hospital’s implementations were:
Sent out monthly security reminders that comes from the hospital’s privacy and security officer.
Daily employee audits.
Utilized digital media boards for reminders.
Conduct a security risk analysis, preferably guided by experienced compliance professionals.
Clearly communication your no-snooping policy to all employees.
Password protect medical files depending on “a need to know basis”.
Conduct background checks.
Allow patients to restrict the sharing of PHI.( Chaput,
2014)
How Can Training on Confidentiality be Effective for Employees
Training on confidentiality can be effective for the employees because they often think that they can snoop and get away with it, and they often do not understand how serious the consequences can be.
Not only can they be fired, but they can also jeopardize their entire careers and lose their license.
These consequences must be emphasized, emphatically. Many employees think: “What’s the harm of a little peep?” They don’t realize that a small incident of peeping can cost their employer millions of dollars and ruin their careers
(Solove, 2014).
HIPPA Violations
The Health Insurance Portability and Accountability Act (HIPPA)of 1996, was passed to protect an employee's health insurance coverage when they lose or change jobs. It also has provisions to ensure the privacy and confidentiality of identifiable health information (Chaput, 2014).
Penalties
A person that knowingly and in violation of the HIPAA rules puts them in jeopardy of criminal prosecution. If convicted, the level of punishment depends on the seriousness of the offense:
Fine of up to $50,000 and/or imprisonment for up to a year for a simple violation.
Fine up to $100,000 and/or imprisonment up to five years if the offense is committed under false pretenses.
Fine of up to $250,000 and/or imprisonment up to ten years for offenses committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.
Reference
Chaput, M. (2014). Don't let your practice get stung by 'snooping'. Medical Practice Insider. Retrieved from http:// www.medicalpracticeinsider.com/best-practices/dont-let-your-practice-get-stung-snooping.
Fox News.(2008). Report over 120 UCLA hospital staff saw celebrity health records. Retrieved from http://www.foxnews.com/story/0,2933,398784.00.html.Fox News. (2008).
McCann, E. (2015). How one health system is putting an end to insider snooping. Healthcare IT News. Retrieved from http://www.healthcareitnews.com/news/how-one-health-system-putting-end--insider-snooping.
Solove, D. (2014). Ebola and privacy: snooping, confidentiality, and HIPAA. TeachPrivacy. Retrieved from https://www.teachprivacy.com/ebola-privacy-snooping-confidentiality-hipaa/.
