2. BreachofconfidentialityatUCLAbyover120employees
• As Fox news reported the California Department of Public Health
released a statement stating that over 120 hospital staff
inappropriately viewed patient health records between January of
2004 and June of 2006. (www.foxnews.com) The blame falls directly
on the hospital administrators for not taking appropriate steps to
ensure this type of activity does not occur by adequately training
their staff as to what the appropriate uses of patient information is.
Since this is a problem with current staff a new training protocol
should be implemented to train, retrain, or refresh all staff on HIPAA
guidelines in protecting the privacy of patients. New hires will also
be required to go through the HIPAA training course as protecting
patient information must be a top priority for all health care
organizations.
3. Whatisconsideredprotectedinformation?
• According to HIPAA protected health information is considered
individually indentifiable health information held or disclosed
by a covered entity. Patient health information includes:
patient’s name; Social Security number or medical record
number; specific dates such as a birth, admission, discharge,
or death; or any other information that may be used to
identify a patient. This may include information about past,
present, or future physical and mental conditions; the
provision of healthcare to an individual; or the past, present,
or future payment for the provision of healthcare. (Cascardo,
2012) A practice must refrain from discussing any aspects of
progress notes, court records, domestic violence police
reports, mental health documents, etc, with anyone unless
the patient has signed a release form in advance.
4. Whatisavalidreleaseorauthorizationform?
• A specific description of the information to be used or
disclosed
• The name of the person(s) or organization that will be
authorized to release the information
• The name of the person(s) or organization to whom the
information is authorized to be released
• A description of the purpose of the use of the disclosure
• A date or even of expiration
• The signature of the individual/patient and date, the form may
also be signed by a personal representative but must include
the relationship that exist between the two
6. WhatconstitutesabreachofHIPAA?
• A breach essentially means that there has been an
impermissible use or disclosure under the Privacy Rule that
compromises the security or privacy of the patient health
information. This breach can cause significant risk of financial,
reputational, or other harm to the affected individual.
Typical Security risks include:
• Unauthorized access by employees
• Misuse of authorized access
• Ineffective disposal of patient health information
7. MinimumNecessaryRule
• It is extremely important that staff remember HIPAA’s
minimum necessary requirement rule which states that only
the minimum necessary patient health information should be
shared to satisfy a particular purpose. If information is not
required to satisfy a particular purpose then it must be
withheld. It is important for staff to understand that access is
allowed only for the function they need to perform such as a
pharmacist would only need to access the patient’s history of
prescriptions in order to perform their job function.
8. Conclusion
• Patient privacy and protection under HIPAA is the
responsibility of all staff at all times. When patient
information is mishandled then the patient as well as the
community lose their trust in the organizations ability to
provide high quality care while also protecting sensitive
patient health information. Following the HIPAA guidelines is
of the upmost importance and adherence to these policies is
expected of all staff at all time. Failure to do so will result is
disciplinary actions for the staff involved.
9. References
• Cascardo, D. (2012). What to do before the Office of Civil
Rights comes knocking: Part 1. Medical Practice
Management, May/June, 337-340. Retrieved from ProQuest
database.