Patient Confidentiality

Category: Education

Presentation Description

Ashford Assignment


Presentation Transcript

Patient Confidentiality:

Patient Confidentiality Steven Scott Ashford University Health Care Capstone MHA 690 Dr. Jared Thomas Rutledge January 8, 2016

XYZ Hospital’s Confidential Patient Information Usage Guidelines:

XYZ Hospital’s Confidential Patient Information Usage Guidelines XYZ requires all employees, providers and contractors to adhere to policies and procedures covering the use of patient information Initial training is presented along with competency information Annual retraining of employees, providers and contractors is mandatory Failure to adhere to XYZ’ policies toward confidential patient information, whether verbal, paper or electronic access may result in termination of employment or contracted services This means you!

Patient confidentiality is the responsibility of all health care workers:

Patient confidentiality is the responsibility of all health care workers HIPAA – Legislation which provides guidelines for confidential patient information The law was developed in 2000 45 CFR provides information covering necessary requirements for accessing information, who is allowed, operation under a Business Associate Agreement, use of information in marketing endeavors, research and governmental access Even well-run hospitals are susceptible to violations UCLA had a major breach of confidential information by multiple employees from 2004 to 2006 resultant in numerous terminations (Associated Press, 2008; " HIPAA," n.d. )

Minimum Requirements for Accessing Patient Information:

Minimum Requirements for Accessing Patient Information Only employees, providers or contractors deemed as authorized may access patient information The entity accessing the information MUST have a justified reason for accessing the information Only the minimum information necessary in accessing the information is permitted XYZ routinely audits patient information accession Consubstantial with Jonczyk’s (2014) premise, XYZ’ culture is that of ethical pursuit, and violations will not be tolerated ( Jonczyk , 2014; " HIPAA," n.d. )

Business Associate Agreements:

Business Associate Agreements A Business Associate Agreement or BAA is required to be on file with XYZ between itself and any contracted entity requiring access to confidential information on behalf of a covered entity Examples might include attorneys, outside auditors, transcriptionists etc. BAA’s must be renewed annually Exceptions to BAA’s include, but are not limited to, referrals out for additional care, laboratories, and disclosures to group health plans ("HIPAA," n.d. )

Confidentiality in Marketing:

Confidentiality in Marketing XYZ does use patient information for marketing purposes Before the information can be used, the patient must give consent There are few exceptions, and XYZ has policies governing usage ("HIPAA," n.d. )


Research Confidential patient information can be used in research Hospital Institutional Review Boards or IRB’s can allow access if it poses minimal risk to the patient, information is destroyed after use, written assurance of usage is documented, the research would likely not have been available without waiver, and the research could not likely have been performed without access to the information XYZ has a IRB, and policies and procedures for assurance of the above ("HIPAA," n.d. )

Governmental Access to Confidential Patient Information:

Governmental Access to Confidential Patient Information Government agencies operate under essentially the same guidelines The Department of Health and Human Services requires that hospitals and health plans cooperate in sharing confidential patient information on a ‘need to know’ basis Examples might include investigation of compliance and complaints centering on alleged breaches of confidential information ("HIPAA," n.d. )


Conclusion All health care workers are responsible for maintaining confidential patient information Accessing confidential information MUST only be attempted when there is a genuine ‘need to know’ Contracted entities must work under a BAA Violating XYZ’ policies can lead to termination Violators can be individually prosecuted by the DOJ, and individually sued by patients for violating HIPAA rules If you don’t need to know, don’t do it


References Associated Press. (2008). Report: Over 120 UCLA hospital staff saw celebrity health records. Retrieved from http:// Health information privacy. ( n.d. ). Retrieved from http:// Jonczyk , J. (2014, December 1). The relationship between organizational culture and innovation in the opinion of the medical staff of public hospitals. Hyperion International Journal of Econophysics & New Economy , 7 (2), 277-292. Retrieved from

authorStream Live Help