STANDARD 5.3 Objective 3 Students will explain and understand the need for confidentiality.

CONFIDENTIALITY  Customers have a right to expect privacy and confidentiality  This applies to all industries  Health  Travel  Entertainment  Education  Etc….

WHAT HAPPENS AT THE DR. OFFICE STAYS AT THE DR. OFFICE  How would you feel if…  You went to the Doctor expecting your information to stay confidential, and the Doctor shared your information with others. Now your family may know of your situation, or you receive junk mail for treating ___ disease. Or people saying congratulations, when you haven’t told anyone you are pregnant. Awkward…….

HEALTH INDUSTRY  Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule, a Federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is secure.

HIPAA  Health Insurance Portability and Accountability Act, a 1996 Federal law that restricts access to individuals' private medical information  Protects individuals information  Strict punishments for violations  You usually are asked to sign different forms at the Dr. office to allow them to share information, in certain ways to a select group of people.  This protects under HIPAA requirements  Doctors and Health care professionals want your business and want to stay in business and must follow policies put in place to protect individuals private information.

EDUCATION  Like many other areas, you have right to expect confidentiality.  Along with other things, teachers can’t disclose your grades or behaviors to your neighbors or others. Colleges and Universities can’t release information to spouses, or other family members without written permission.

FERPA  Family Education Rights and Privacy act of Federal Law  Gives students access to their education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records  Examples of situations affected by FERPA include school employees divulging information to anyone other than the student about the student's grades or behavior, and school work posted on a bulletin board with a grade. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record.

OSHA  Occupational Safety and Health Administration (OSHA)  With the Occupational Safety and Health Act of 1970, Congress created the Occupational Safety and Health Administration (OSHA) to assure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance.

TRAVEL INDUSTRY  Today’s world requires a lot of documentation when traveling.  Passports, Id’s, tickets, reservations and plenty of confirmation numbers  Booking trips involves many individuals, in several states or even countries.  It is vital that during the booking, travel and billing process all information is kept safe.  Having theft while traveling (robbery, id theft…… any form of losing money) is already a huge concern for those who travel. Companies must do everything they can to ensure customers’ information will say secure.

RETAIL STORES/ RESTAURANTS/ENTERTAINMENT  Customers use debit and credit cards on a daily basis as a variety of retail locations.  They expect their financial information to stay safe and secure.  Breeches in security, have caused companies $$$ to fix and resolve the issue as well as lose customer business and relations.  Customers also do not want records of their purchases made available

LIABILITIES FACED BY COMPANIES  Lawsuits  Fines  Imprisonment  Loss of permit/license  Pay for corrective services  ID Theft  Credit Score ……..It all comes back to making money, company image and future business.

EXAMPLE FINES FOR HIPAA  General Penalty for failure to comply  100 a time  Wrongful Disclosure of Individually Identifiable Health Information  Thousand dollars  Those in the health industry do want to be fined and pay money out.  Not only do fines hurt the companies revenue, it also can look bad to patients and/or future patients, which could decrease future business.

LAWSUITS  Can happen for any reason  Major liability for companies who violate privacy laws  Costly to the company in payouts, or premiums for insurance.  Messy court situations and not wanted to drag the company name through the mud, cause companies to settle before court dates.

LOSS OF SAFE REPUTATION  Customers want to ensure their information is secure  As companies have breeches in private/secure information, in order to keep a positive image companies  Issue Statements notifying all that might be effected  Pay for reconciliation services  Do all they can to reassure their current and future customers/clients that they have a secure system.

SECURITY  Since confidentiality is viewed as high importance to both customer and business it is imperative to secure private information  Protecting customer’s private information, must be top priority.  Private information includes  Name  Address  Phone  Social Security Number  Family Information  Medical Records  Purchase Records  Bank Information- Credit Card #

TYPES OF THREAT  Internal  Employees/ people within the company or with access  Leaking information for personal gain  Selling contacts to other parties  Misplacing or losing information  i.e. Losing company laptop while on a business trip  Janitors or other personnel with access to secure information  Giving access codes to unauthorized individuals

THREATS  External –people outside of the company  Computer Hackers  Large Variety of ways to attack systems and information  Buyers trying to purchase information  Theft of  computers  Records  Documents