Week1discussioncapstone
- 1. Protecting Patient’s Privacy: UCLA’s Training Guide
- 2. Threat From Within • Sometimes good employees don’t follow policies and procedures • Inadvertent misuse of data by employees topped the list of breaches in 2013 • 42 % of employees have received training • 57 % said they didn’t know their organizations security policies • Organizations MUST have policies and procedures and train staff about them • Staff then need to be tested about what they have absorbed in the training
- 3. Technology • Technology has exploded with reference to storing, communicating, and referencing medical information It enhances patient care......BUT What are the Ethical-Legal Implications??? Staff Need To Be Made Aware of Their Role
- 4. What Information Do You Need? • Physicians, technologists, and other healthcare professional use technology for disease management and treatment options • Access is broadened to permit links from associations • Information about medical information can be retrieved, copied and retransmitted by anyone with access and a password
- 5. HIPAA Privacy Rule: It will guide you • The Health Insurance Portability and Accountability Act of 1996 was created to safeguard electronic healthcare transactions • The Privacy Rule was enacted in 2003 Privacy Rule Security Rule • Protects patients privacy and provides patients access tot their medical records • Formal policies and procedures to regulate conduct of personnel protecting data
- 6. Understanding the Purpose of HIPAA??? • Balance protecting the privacy of patients’ health information and making sure the information to health care workers to provide care and payment for care • A Covered Entity (CE): Is facility AND STAFF • Only the MINIMUM amount of PHI needed to accomplish for the intended use, disclosure or request should be used
- 7. IT’S THE CONSTITUTION Congress Mandates: “The Privacy Of An Individual Is Directly Affected By The Collection, Maintenance, Use AND Dissemination of PERSONAL INFORMATION!” The Right to Privacy is an Individuals Constitutional Right!
- 8. Ethical and Legal Considerations for Your Staff • Ethics sets the behavioral standards by moral values • Law is an objective rule of conduct or action The HealthCare Professional MUST: Respect Autonomy (respect others decision making) Beneficence (help others reach their interests) No maleficence (do no harm) Justice (all people deserve the same treatment)
- 9. Planning • A manager needs to set goals, outline, costs, desired results, impact on other systems, vendor selection, and setting priorities Know your systems Know what needs to be added to your system What changes need to be made to the current program?
- 10. What Training Should Be Put In Place? • Create a culture of compliance • Ensure there is policy awareness • Discuss incident response and risk analysis • The training sessions should include the difference between “ignorance” and “willful neglect” • There will be online education of HIPAA Security and Privacy Rules with a questionnaire of staff knowledge at the end on an annual basis • Staff will sign an attestation of their commitment to patient privacy
- 11. Steps To Train 1. Training will be part of orientation of new hires 2. Annual training will be required for all staff 3. Develop a program that perpetuates itself and becomes part of the organizational culture 4. Training is education of the knowledge, how-to’s, and ongoing awareness 5. PHI should be covered in verbal, written, and electronic forms 6. Communication process for questions after training 7. Repertoire accessible for up to date policies and procedures 8. Have a process for evaluating the training programs effectiveness, reliability, and validity 9. Have a verification process for security awareness training before receiving access to PHI
- 12. How will the training be deemed effective? • Give periodic quizzes to follow up training • Distribute a privacy and security awareness survey • Send follow-up questionnaires to those who attended the training 4 to 6 months following the training • Monitor the number of compliance infractions • Measure privacy and security knowledge as part of the yearly performance evaluation • Place feedback and suggestion forms on the organization intranet • Track the number and type of privacy and security incidents that occur before and after training
- 13. References AHIMA. (2010). HIPAA Privacy and security training (updated). Retrieved from http://library.ahima.org/xpedio/groups/public/ documents/ahima/bok1_048509.hcsp?dDocName=bok1_048509. Cascardo, D. (2013). What to do before the Office for Civil Rights comes knocking-Part 2. Podiatry Management, 32(8), 169-174. Herold, R., & Beaver, K. (2015). The practical guide to HIPAA Privacy and Security compliance (2nd Ed.). Taylor & Francis Group: Boca Raton, FL. Polito, J. (2012). Ethical considerations in Internet use of electronic protected health information. Neurodiagm Journal, 52(1), 34-41. Zamosky, L. (2014). Avoid the breach: Put data security measures in place. Physician Executive, 40(4), 82-84.
Editor's Notes
- #3: (Zamosky, 2014)
- #4: Patients have the right to obtain and control their medical records, including who gets to see them (). Who is responsible for maintaining confidentiality? How will confidentiality be monitored? Who will be accountable for breeches and to what degree (Polito, 2012).
- #5: (Polito, 2012)
- #6: Moreover, the Security Rule sets physical safeguards (protecting computer systems and network systems from physical intrusion and hazards), technical security services (regulates the safety and security of stored data on a network), and technical security mechanisms (for encryption of PHI (protected health information) (Polito, 2012).
- #7: (Polito, 2012)
- #8: (Polito, 2012)
- #11: (Cascade, 2013)
- #12: (AHIMA, 2010)
- #13: (Herold & Beaver, 2015).