Building a Privacy Foundation
Setting the Standard for Privacy
  Health Insurance Portability and Accountability Act (HIPAA)
  Patient Bill of Rights
  Federal and State Regulations
  Accreditation Standards
  Case Law
  Professional Standards of Practice
What Must Be Kept Confidential?
  PHI: Protected Health Information
Understanding PHI
  Individually identifiable information
  Demographics
  Any form or medium
    – Oral
    – Written
    – Electronic
  Medical Records
  Billing Records
  Databases
Use of PHI
  Sharing, application, utilization, examination, or analysis of PHI within the organization
Disclosure of PHI
  The release, transfer, access, or divulging of PHI to an outside person or entity.
Minimum Necessary
  What can I access?
    – Information you “need to know” to do your job
  Does it apply in every situation?
    – Treatment
    – Patient
Minimum Necessary
  HIPAA Requirement – Identify members of the workforce who need access to confidential information
  Identify what information can be accessed
  Limit access
How Do I Know…
  …When information is considered private?
    – Did you learn it through your job?
      If yes, then it is considered private
How Do I Handle…
  …An individual asking for access to their record?
    – Individuals have a right of access
    – Route requests to appropriate department or staff
How Do I Handle…
  …An individual’s request to change their medical record?
    – Individuals have the right to amend or correct their record
      Requests will be investigated
    – Route requests to appropriate department or staff
How Do I Handle…
  …A family member or close friend asking about a patient?
    – Directory information
      Name, location, condition in general terms
    – Other type of clinical or billing information
      Obtain permission
      Disclose appropriate information
      Use judgment if permission cannot be obtained
How Do I Handle…
  …Another member of the workforce inquiring into a patient’s condition or treatment?
    – Determine if it is necessary to their position
    – Is it related to treatment?
“Privacy-Friendly” Practices
  Abide by the organization’s Notice of Privacy Practices
  Shred or destroy
  Fax and copy machine location
  Talking in public areas
  Keep patient information out of public areas
“Privacy-Friendly” Practices
  Secure records in all locations
  Passwords
  Computer screens
  Remember individuals’ right to privacy during treatments
What Happens If…
  …a privacy policy is violated?
    – Organization-specific sanctions
    – Right to file a complaint
    – Civil and criminal penalties
Take pride and ownership in the fact that your organization is concerned about privacy and recognizes its importance in providing quality healthcare.