mha 690 wk1 d2 confidentiality
TRANSCRIPT
CONFIDENTIALITY: UCLA AND CELEBRITY RECORDS
EDWARD STANFORD MD
MHA 690
PROF DAVID COLE
OCT 2, 2014
LA Times reported (2008)
“For decades, tabloids have made a cottage
industry of star ailments”
Examples:
-Dean Martin’s declining health
-Rock Hudson’s AIDS diagnosis
-Bob Hope’s final years in and out of hospitals
-Brittany Spears, Farrah Fawcett, drug overdose of Dennis Quaid’s twins, Patrick Swayze near death
Blankenstein, A (2008)
Serious breech of doctor-patient confidentiality127 UCLA Medical Center employees were fired, suspended, and warned for viewing Social Security numbers, health insurance information, and addresses from April 2003-May 2007. Lawanda Jackson, 50, pleads guilty to felony charges of violating federal medical privacy law for commercial purposes but dies prematurely (LA Times, 2009)
California Department of Public Health cites prior occurrences (Law, 2009).
Laws violated:
Health Insurance Portability Accountability Act (the “Privacy Rule”)
Confidentiality of Medical Information Act (California Civil Code -56 et seq)
Lanterman-Petris-Short Act (California Welfare & Institutions Code – 5000 et seq)
State information Practices Act (California Civil Code sections 1798 et seq)
UCLA Mission and Vision“Our mission is to deliver leading-edge patient care, research, and education”
“Our vision is to heal humankind, one patient at a time, by improving health, alleviating suffering and delivering acts of kindness” (UCLAhealth.org. 2014)
“UCLA Health System has stringent policies familiar to all employees to protect patient confidentiality. All staff and faculty members, contractors, volunteers and other workers are required to sign confidentiality agreements as a condition of their employment and they complete extensive training on federal Health Insurance Portability and Accountability Act – related privacy and security issues” (UCLA newsroom, 2008)
LESSONS LEARNED- Must restrict access to only those who MUST have patient information access
- Must implement way to keep track of who accesses/accessed an individual’s information
- Covered entities are responsible for the actions of their employees
UCLA paid over $860,000 in fines
(abouthipaa.com, 2011)
STAFF TRAINING OUTLINEAll staff (physicians, nurses, ancillary staff) with access to patient information – MANDATORY
What is HIPAA – terms and concepts
What is health information
What is protected health information
What is electronic protected health information
Conducting a fair investigation
Zero tolerance for HIPAA patient privacy violations
Business partners must sign confidentiality agreements
Fines imposed for HIPAA violations
HIPAAThe HIPAA privacy provision took effect on April 14, 2003. Key privacy provisions include the following:
•Patients must be able to access their record and request correction of errors.
•Patients must be informed of how their personal information will be used.
•Patient information cannot be used for marketing purposes without the explicit consent of the involved patients.
•Patients can ask their health insurers and providers to take reasonable steps to ensure that their communications with the patient are confidential. For instance, a patient can ask to be called at his or her work number, instead of home or cell phone number.
•Patients can file formal privacy-related complaints to the US Department of Health and Human Services Office for Civil Rights.
•Health insurers or providers must document their privacy procedures, but they have discretion on what to include in their privacy procedure.
•Health insurers or providers must designate a privacy officer and train their employees.
•Providers may use patient information without patient consent for the purposes of providing treatment, obtaining payment for services, and performing the non-treatment operational tasks of the provider’s business.
Pozgar, 2012, p 295
STAFF TRAINING
What is HIPAA HIPAAHealth Insurance Portability and Accountability
Act 1996
Title I Title II Title III Title IV Title V
Insurance Portability
Tax RelatedHealth Provision
RevenueOffsets
Fraud and AbuseMedical LiabilityReform
AdministrativeSimplification
Group HealthPlan Requirements
Individually Identifiable health Information
Health Information – any that is created or received by a health care provider, health plan, employer, or health care clearinghouse (HIPAA, 1996)
Can involve – past, present, future physical or mental health or condition of an individual, provision of health care, and payments for the provision of health care (45 CFR 160.103, DHHS, 2009)
Protected Health Information (PHI)Examples:
Medical records
Billing records
Any record containing sufficient
information to identify
the individual (DHHS, 2009).
HealthInformation
Individually Identifiable HealthInformation
Protected HealthInformation
Adapted fromHHShipaasagtraining.com, 2009
Electronic Protected Health Information (ePHI)
Any protected health information that is maintained in or transmitted in electronic media
CONCLUSIONSAll medical providers who have any access to a patient’s medical information should understand HIPAA
All medical providers should receive MANDATORY training and understand a zero tolerance for violations
Only individuals who MUST have access to PHI should be allowed access
Employers are responsible for the actions of their employees
REFERENCESAboutHIPAA (2011). Specific lessions from HIPAA privacy and security case at UCLA health system. Accessed from www.abouthipaa.comOct 1, 2014
Blankenstein, A Eyes on celebrity records multiply. May 20, 2008 Accessed from www.latimes.com. Oct 1, 2014.
DHHS (2009). Accessed from www.DHHS.org. Oct 1 2014.
HHShipaasagtraining (2009). Accessed from www.hhshipaasagtraining.com Oct 1, 2104.
HIPAA (1996). Accessed from www.gov.org. Oct 1, 2014.
LA Times (2009). Ex-hospital worker convicted in patient record leaks dies. Accessed from www.articles.latimes.com. Oct 1 2014.
Law, M. (2009). The celebrity California UCLA medical center scandal: Snooping on Celeb Records. Accessed from www.uslaw.com. Oct 1, 2014
Pozgar, G. D. (2012) Legal Aspects of Health Care Administration, 11th Edition. Jones & Bartlett Publishers.
UCLA (2014). Accessed from www.uclahealth.org. Oct 1, 2014.
UCLA Newsroom (2008). ULCA Health system statement on patient confidentiality. Accessed from www.newsroom.ucla.edu. Oct 1, 2014.