290 likes | 644 Views
Absolute integrity in all relationships and dealings. At Adventist Health, We Value …. We Value…. INTEGRITY Firm adherence to a code of moral values. Our Patients Famous Not so famous Not at all famous Our Patients’ Families Ourselves As Employees As Patients Our Families As Patients.
E N D
Absolute integrity in all relationships and dealings At Adventist Health, We Value …
We Value… INTEGRITY Firm adherence to a code of moral values
Our Patients Famous Not so famous Not at all famous Our Patients’ Families Ourselves As Employees As Patients Our Families As Patients Our Coworkers As Patients Employees Physicians Volunteers Students Hospital Board Members Our Friends and Neighbors As Patients Our Relationships are…
In Each Relationship We Share… • The RIGHT to have the confidentiality of OUR personal health care information protected by: • Every physician • Every nurse • Every healthcare worker • Every hospital • Every pharmacy • Every dentist • Every insurance plan • Every organization that maintains Protected Health Information (PHI)
What is Protected Health Information (PHI)? • Health information means any information, whether oral or recorded in any form or medium • that is created or received by a health care provider, and • relates to the past, present or future physical ormentalhealth or condition of an individual • Individually identifiable health information includes demographic information • Protected Health information means individually identifiable health information maintained and transmitted in any media, including electronic, written or oral.
What is Protected Health Information (PHI)? Individually identifiable health information includes demographic information
In Each Relationship We Share… The OBLIGATION to protect the confidentiality of healthcare information of EVERY PATIENT Regardless of who THEY are Regardless of who YOU are
Confidentiality Our journey toward the Integrity we Value requires all of us to… Observe the Right Fulfill the Obligation
Rights Violated, the Obligation Not Met • 2007 - Palisades Medical Center investigated 40 employees and suspended 27 for accessing a celebrity’s PHI without authorization • 2007 - Ivinson Memorial Hospital fired one employee, suspended two and reprimanded four others for failure to follow hospital policy and looking at patients’ records and their own records. • 2007 - Park Nicollet Clinic suspended 100 employees for three days without pay for peeking at electronic records of friends and relatives
Rights Violated, the Obligation Not Met • 2008 - Tenet Healthcare hospital biller in Texas accused of stealing records of 90 patients • 2008 - Massachusetts General Hospital survey of 1600 physicians found that 11% of them said they had inappropriately revealed information about patients • 2008 – Mayo Clinic Hospital – Phoenix General Surgery Chief Resident put on administrative leave for taking a picture of a patient during surgery with his cell phone
Rights Violated, the Obligation Not Met • April 2008 – New York Presbyterian Hospital Admitting Department employee charged by US Attorney with accessing personal information of 1000s of patients and attempting to sell data to conspirators • 2008 – Northeast Arkansas Clinic nurse plead guilty to wrongfully disclosing PHI for personal gain and malicious harm – faces 10 years in prison and $250,000 fine • 2008 – Oklahoma city health care provider employee indicted by federal grand jury for disclosing PHI for personal gain
Rights Violated, the Obligation Not Met • 2008 - Three UCLA Health System employees snooped in high-profile patient records • March 2008 - UCLA cited for deficiencies by California Department of Public Health • CDPH notified law enforcement agencies • Office for Civil Rights • City Attorney • County District Attorney • State Attorney General
Rights Violated, the Obligation Not Met • 2008 - Three UCLA Health System employees snooped in high-profile patient records (cont.) • 13 employees fired • Federal government indicted hospital Administrative Specialist employee • Accessing records • Selling records to the media • Faces 10 years in prison • Media organization which purchased records may also face federal prosecution.
San Joaquin Reported Violations • 11 incidents reported in the past 11 months. Penalties and/or Sanctions may be forthcoming on each. • One 2009 incident resulted in a fine of $25,000 imposed in late 2010. Incident involved: Copies of lab results released with another patients medical record. • Recent incidents reported to CDPH: • Faxing to Wrong fax number • Printed pages not double checked prior to distribution and patients were given discharge instructions / information for other patients. • Private citizen allowed to observe Op/Invasive procedure without patient knowledge or consent.
The Right to Confidentiality Adventist Health Policy – AD 10-002-S Confidentiality It is the policy of Adventist Health to maintain confidentiality for patients and employees at all times and under all circumstances. https://connect.ah.org/slide/files/Health%20Info%20Management/Roseville/HIPAA/Privacy/Volume%202%20-%20Policies/AD-10-002-S%20Confidentiality%20of%20PHI.pdf
The Right to Confidentiality Adventist Health Policy – AD-10-019-SHIPAA Privacy and Security Workforce Sanctions • Breaches may result in discipline of the employee up to and including immediate termination • Personal civil or criminal penalties of a minimum of $25,000 https://connect.ah.org/slide/files/Health%20Info%20Management/Roseville/HIPAA/Privacy/Volume%202%20-%20Policies/AD-10-019-S%20%20HIPAA%20Privacy%20and%20Security%20Workforce%20Sanctions.pdf
Fulfill the Obligation Minimum Necessary – Legitimate Need to Know • An employee may only access patient information such as required by the employee’s job requirements. • Employees who receive or view information about patients in order to do their jobs may not share the information with any others unless the others need to know that information by virtue of their job requirements.
Breach of Confidentiality Breaching patient confidentiality can occur in a variety of ways. Adventist Health distinguishes those breaches of confidentiality as follows:
Breach of Confidentiality Breaches may result from Carelessness A breach that occurs when patient information is unintentionally or carelessly accessed, reviewed, or revealed by oneself or others without a legitimate need to know the patient information. Examples include, but are not limited to: • a. Discussing patient information in a public area; • b. Leaving a copy of patient information in a public area; • c. Leaving a computer work station unsecured (especially with PHI displayed onscreen). • d. Faxing PHI to a wrong number. • e. Mixing discharge papers up when retrieving from a printer and giving a patient the wrong patient instructions or information.
A Careless Breach: Observers in the Patient Care Setting • The patient has a right to privacy - so having someone outside the care team present for any portion of their care/treatment while at our facility, needs to be fully considered. Patient family members/friends are an exception, as long as the patient does not object. Any other such person would be considered an ‘observer’. An "observer" is not a patients family member or a contract person or vendor or a student who's school has an affiliation agreement with SJCH etc. An observer is not someone who is a part of the SJCH care team.
Examples of Observers…….. • A medical student from out of town visiting a physician who wants to observe a patient interview (pre/post op etc), nurse assessment or a surgery/procedure. • A private citizen/friend of an employee, who is studying to be a police officer and wants to see how we deal with pts who are in custody. In these cases, a “Request for Presence of Observer' form is required.
Request for Presence of Observer form • A ‘Request for Presence of an Observer during Childbirth/Surgical/Medical Procedure’ form is to be reviewed and signed by the patient. • The attending physician has responsibility to confer with the patient and the observer and certify that the presence of an observer will not compromise the health or safety of the patient, the observer or others. • In the event there is anesthesia involved, the anesthesiologist should also review & sign the form. • The form is then placed in the patients record as a permanent part of the medical record. • The form is located on the W:Drive > Common > Forms>Surgery
Breach of Confidentiality Breaches may result from Curiosity or Concern Breach that occurs when patient information is accessed, reviewed, or discussed for purposes other than care of the patient. Examples include, but are not limited to: • a. Looking up birth dates or addresses of friends or relatives; • b. Accessing and reviewing a patient record out of concern/curiosity, even if the information is kept to oneself and is not disclosed it to any other person; • c. Reviewing a “famous” or public person’s (VIP) medical record.
Breach of Confidentiality Personal Gain or Malice Breach when patient information is accessed, reviewed, or discussed for personal gain or with malicious intent. This is considered a critical infraction. Examples include, but are not limited to: • a. Downloading PHI and selling it to a marketing firm; • b. Carelessly divulging a computer ID and password, which a relative then uses to destroy/change PHI, send false positive test results to patients, or sell information to a third party.
The Right to Confidentiality Federal Regulation - HIPAA Privacy Rule • Hospitals must ensure the confidentiality of all protected health information they create, receive, maintain or transmit [§164.306(a)(1)]. • Hospitals must have and apply sanctions against employees who fail to comply with privacy policies and procedures [§164.530(e)(1)].
The Right to Confidentiality • MORE LEGISLATION • Every provider must monitor employees’ electronic access to medical information • Breaches must be reported to the State and the patient within 5 days of discovery • Personal fines levied against employee up to $250,000 per violation • Patient may sue the provider’s employee and/or the provider for negligent release of confidential information
The Right to Confidentiality • Adventist Health Employee Handbook • All employees, volunteers, and physicians who have access to information about patients, employees, or business operations, which is of a confidential nature will be prohibited from discussing or revealing such information in any unauthorized manner. • Any breach of confidentiality represents a failure to meet the legal, professional, and ethical standards expected, and constitutes a violation of this policy and are subject to discipline including possible termination of employment. Other documents/policies that reference Confidentiality: Right and Responsibilities of Patients, Safeguarding PHI in the physical environment, Code of Conduct.
HIPAA is Real, Alive and Well in Our Industry. Don't take if lightly! If you have a question about this material, please call or email your Facility Privacy Official at: 869-6129, littreja@ah.org To leave an anonymous concern, call the HIPAA hotline at: 869-6505. Thank you for your time and attention!