Information about HIPPA and confidentiality law.

1. Confidentiality
HIPAA
Carlos F. Martinez MHA, M.Ed.
http://carlosFmartinez.com

2. CONFIDENTIALITY
Did you know that…?

3. In Jacksonville FL
 An employee’s teenage girl was
left unattended in a hospital and
she looked up patient’s phone
numbers and phoned them to
tell them they had tested
positive for HIV. One of them
attempted suicide.

4. In Rapid City SID
 A medical student “stole” the
records of a mental health patient to
do a research paper. He then threw
them away in the dumpster of a fast
food restaurant. A person found
them and gave them to a newspaper
reporter

5. In Miami FL
 Hundreds of JMH employees
browsed through the records
when Italian designer Gianni
Versace was transferred to this
facility, even though few of them
were actually involved in the
case.

6. What is HIPAA?
 H…health
 I…insurance
 P…portability
 A…accountability
 A…Act

7. HIPAA…Definition
 A US law designed to provide privacy
standards to protect patients' medical
records and other health information
provided to health plans, doctors,
hospitals and other health care
providers.
(http://www.medterms.com/script/main/art.asp?
articlekey=31785)

8. HIPAA
 The
Health Insurance Portability and Accountability
(HIPAA) was passed on August 21, 1996
 The final version of the HIPAA Privacy
regulations were issued in December 2000,
and went into effect on April 14, 2001
(http://www.hipaaps.com/main/background.html)

9. What is health insurance
accountability?
A patient’s health information is to
be kept private and secure. Only
people who MUST have information
about the client to provide care or to
process client’s records should
know his/her private health
information

10. What information must you
protect?
• Information you create or receive in the course of
providing treatment or obtaining payment for
services or while engaged in teaching and research
activities, including:
 Information related to the past, present or future
physical and/or mental health or condition of an
individual
 Information in ANY medium − whether spoken,
written or electronically stored − including videos,
photographs and x-rays

11. Protected Health Information (PHI)
 A person who passes a computer screen
or a fax machine, the individual cleaning
your hospital room or any other person
talking in an elevator SHOULD NOT learn
anything about a patient’s health
information because it is private. It must
be protected – and it is called Protected
Health Information (PHI).

12. Protected Health Information (PHI)
HIPAA defines PHI as individually identifiable health information
including:
 Name, geographic information (address,
city, zip code, etc), birth date, admission
date, discharge date, date of death,
phone/fax/cell number, email address, SS #,
account #, insurance #, license #, vehicle ID,
URL, IP address, photograph, and/or any
unique identifier.

13. "WRONGFUL DISCLOSURE OF
INDIVIDUALLY IDENTIFIABLE HEALTH
INFORMATION”
"SEC. 1177. (a) OFFENSE.--A person who
knowingly and in violation of this part—
 uses or causes to be used a unique health
identifier;
 obtains individually identifiable health
information relating to an individual; or
 discloses individually identifiable health
information to another person,
 shall be punished…

14. PENALTIES
 be fined not more than $50,000, imprisoned not
more than 1 year, or both;
 if the offense is committed under false
pretenses, be fined not more than $100,000,
imprisoned not more than 5 years, or both; and
 if the offense is committed with intent to sell,
transfer, or use individually identifiable health
information for commercial advantage, personal
gain, or malicious harm, be fined not more than
$250,000, imprisoned not more than 10 years, or
both
http://aspe.hhs.gov/admnsimp/pl104191.htm#1176

15. Definition
 falsepretense - (law) an offense
involving intent to defraud and
false representation and
obtaining property as a result of
that misrepresentation.

16. HIPAA Privacy Rule & Preemption
 If a state or federal law or regulation
grants the client greater access to their
PHI, then it will preempt HIPAA
 If a state or federal law or regulation gives
the client health information greater
protections from disclosure then it will
preempt HIPAA

17. Ways to Protect Privacy
 Refrainfrom talking about
your patients/clients in public
places: cafeteria, elevator, by
the water cooler, in lounges,
waiting rooms or parking lot.

18. Ways to Protect Privacy
 Make sure no one can see your computer
screen while you are working
 Never share your access code
 Log off when you leave your work
area/computer
 Change your password and notify your
supervisor if your password becomes
known by anyone else

19. Ways to Protect Privacy
 Never leave information on voice-mail or
emails…you don’t know who has access
to those messages
 Leave only your name and number on
your client’s answering machine when
you ask him/her to call you back
 Make sure you are in a private area when
you listen to or read your messages

20. Ways to Protect Privacy
 Make sure no one around you can overhear
your conversation, especially in an office or
waiting room
 Never leave documents unattended:
– Store, file, shred or destroy according to
your agency/school policy

21. Ways to Protect Privacy
 Make sure fax numbers are correct and
use a cover sheet with a confidentiality
statement.
 Give your supervisor forms or materials
with client information you find in places
such as:
– a classroom or lounge, cafeteria, floor or
wastebasket.

22. Ways to Protect Privacy
 If you happen to see a client in a public
place, be careful when greeting him/her.
They may not want others to know they
have been a client
 If a client comes to your office with
another person, s/he may not want that
person to hear his/her private information,
so ask the person to wait outside

23. Question
1. A staff person whom you supervise clinically
finds you in the staff break room and starts
describing a counseling session s/he had with a
client today so that s/he can ask for your advice.
How would you handle the situation?
 A. Let the staff person describe the details so
that you can provide him/her with guidance.
 B. Politely remind him/her that you are in a
public area and ask him/her to accompany you to
your office so that you can discuss this in
private
 C. Ask him/her to get authorization from the
client before s/he discusses it further.

24. Question
 Areyou willing to risk being
fined, losing your job, your
license, or going to jail because
you don’t follow the legal, the
ethical, the RIGHT thing to do?

25. THANK YOU
Questions?
carlos@carlosFmartinez.com