mc connell pp_ch25
© 2010 Jones and Bartlett Publishers, LLC
Umiker's Management Skills for the New Health
Care Supervisor, Fifth Edition
Charles McConnell
Chapter 25
Privacy and Confidentiality,
Employees and Clients
Privacy Today
There is a growing belief in American
society concerning the right of the
individual to privacy. There are also
increasing doubts about how the
government might use information
that it collects about individuals.
Privacy and the Law
Title VII of the Civil Rights Act of 1964
Privacy Act of 1974
Employee Polygraph Protection Act of
1988
Personnel Files
Considered the property of the
employer, but any organization
having a privacy policy in place will
strictly limit access to personnel
files to those having a legitimate
need for the information.
Employee Searches
Every organization should have an official
policy governing such searches, publicized
so that employees know that searches can
occur and the basis for the searches,
specifically whether they can occur at
random or for reasonable cause or both.
Employee Health Records
Once integrated into personnel files,
employee health records are now
considered legitimate medical
records and thus subject to stricter
rules of accessibility.
Patient Privacy and Confidentiality
Patient records should always be
held in the strictest confidence. It is
a violation of ethical principles to
reveal patient information to
anyone outside of the organization
without proper authorization.
Patient Privacy and Confidentiality
No information about a patient’s
condition—not even acknowledgment
that the individual is a patient—should
be given out without the express
permission of the patient (or individual
empowered to act for the patient).
Information Security
Health information management (HIM)
employees must be fully orientated and trained.
All HIM employees should be required to
complete a confidentiality statement.
Students, researchers, and others having
access to health care data should be
oriented and sign a confidentiality statement.
Information Security
Provisions for data security should be included
in any contract for external services.
All requests for the release of information
should be processed centrally in HIM.
Detailed rules should be developed and
enforced to limit the use of health care data.
Information Security
There should be appropriate safeguards
for computerized processing and
storage of health information.
Only persons with a legitimate and
verifiable need to know should be
permitted access to confidential health
care information.
“HIPAA”
THE HEALTH INSURANCE
PORTABILITY AND ACCOUNTABILITY
ACT OF 1996
HIPAA Title II
HIPAA consists of Titles I, II, III, IV,
and V. It is Title II, devoid of any
significant reference to health
insurance, that addresses privacy
and confidentiality.
HIPAA Title II
The full name of Title II is: “Preventing Health Care Fraud and
Abuse, Administrative Simplification, and Medical Liability
Reform.”
Within Title II is the “Privacy Rule.”
Intent
The law was intended to strike a balance
between ensuring that personal health
information is accessible only to those who
truly need it and permitting the health care
industry to pursue medical research and
improve the overall quality of care.
Reality
The applicable portions of Title II created
much work and expense for health care
providers and organizations that do
business with them, as well as
inconvenience and often frustration for
patients and their families.
Public Reaction
Patients and patient advocates
claimed that these new
requirements were forcing people to
choose between access to medical
care and control of their personal
medical information.
Patients’ Rights Under HIPAA
Patients are entitled to know how their
personal medical information will be used or
disclosed.
Patients may request and receive copies of
their health records.
Patients may ask for corrections,
amendments, or restrictions to their
personal medical information.
Patients’ Rights Under HIPAA
Patients may request a full
accounting of disclosures of their
personal medical information.
Patients may file complaints if they
believe their privacy rights have
been violated.
Patients’ Rights Under HIPAA
Employers and marketers are prevented
from obtaining patient medical information
without the patient’s express written
authorization.
A hospital inpatient may forbid the facility
to release information on his or her medical
condition to anyone.
Non-Consent Uses
There are a number of instances in
which personal medical information
can be used without patient consent.
These are related mostly to
research and public health uses, and
patient identification is removed.
Widespread Requirements
All health care plans and providers
and all other organizations that
serve the direct providers of health
care, such as billing services and
medical equipment dealers. All
affected entities must: (next)
Widespread Requirements
Safeguard patient information in all forms from unauthorized use or distribution.
Protect patient information from misuse.
Implement specific data formats and code sets for consistency of and preservation.
Establish audit mechanisms to safeguard against fraud and abuse.
Widespread Requirements
Contracts with involved organizations must:
Define the proper uses of all patient data;
Specify audit mechanisms and safeguards;
Require disclosure when patient information is improperly used or disclosed; and
Call for the destruction or return of protected patient information when no longer needed.
Departmental Involvement
Privacy rule compliance involves:
Information technology;
Health information management;
Social services;
Finance;
Administration; and
Various ancillary or supporting services.
Effects on Systems
The HIPAA Privacy Rule created a
widespread need for health care
providers to reengineer their
systems to protect their patient
information infrastructures and
combat misuse and abuse.
HIPAA and the Supervisor
Depending on the kind of activity you
supervise, the requirements of HIPAA
can significantly affect your role. In
some departments you may never
have to concern yourself with HIPAA;
in others HIPAA will be with you daily.