Return to Main Menu
|
Health Information Privacy, Security
Week
April 9 - 15
by Mike
Wheeler, Sharon Knowles, Julie Acker
and
Melissa Altman
University,
MUHA, UMA & CFC Privacy Officers
The landmark federal law ensuring health information is protected and
secured turns two years old this week, which has been designated as
Health Information Privacy and Security Week.
This week (April 9-15) coincides with the anniversary of the Health
Insurance Portability and Accountability Act (HIPAA) Privacy Rule
implementation of April 2003 and HIPAA’s Security Rule implementation
of April 2005. The privacy rule provides a federal law to protect
privacy and confidentiality by preventing a release of an individual’s
private health information while the security rule specifies
requirements for protecting health information stored in an electronic
format.
The theme of this week’s designation is “Protecting Patient Privacy,
Building Public Trust.” By protecting our patient’s privacy, we also
protect their dignity and, ultimately, protect their trust in our
ability to provide quality health care. In addition, our MUSC Code of
Conduct stresses the need to protect patient privacy by stating: “With
regard to professional conduct, those acting on behalf of MUSC should
practice confidentiality by protecting the integrity and security of
MUSC information such as patient records.”
The top 10 work practices you need to follow to ensure the protection
of patient’s health information are:
1. Only access a
patient’s medical record for treatment, payment, or health care
operations purposes. Remember, our computerized (electronic) patient
record systems have built-in audit capabilities that are reviewed on a
weekly basis. In other words, each week, we randomly review which
medical records were accessed.
2. Never share your
computer access passwords. Also remember to log out of computerized
record systems before you leave your computer terminal unattended.
3. When discussing health
information in a waiting room or areas where others are able to hear
your conversation, speak softly and never hold discussions in public
places such as elevators, hallways or cafeterias.
4. Never leave a medical
record unattended. This practice also includes other items that contain
health information such as lab reports, a list of scheduled
appointments, faxes, printed e-mails, etc. In addition, remember to
close wallaroos (a portable writing wall unit) containing patient
information.
5. Turn your computer
screen so a passerby cannot view a patient’s health information. If
this is not possible, consider installing a privacy screen so only the
person directly in front of the screen can view the information.
6. When disposing of
patient information, ensure the information is properly shredded. Do
not place patient information in a recycle bin.
7. Never leave a phone
message about a patient’s health information with anyone but the person
you are trying to reach or leave messages containing patient
information on answering machines.
8. Inform your supervisor
if you find patient information in an open trash container or recycle
bin.
9. Ensure you complete
both Privacy and Information Technology Security training prior to
accessing any patient health information.
10. Report anyone you
see violating privacy or security rules to your supervisor, a privacy
officer or the confidential hotline at 1-800-296-0269 (Toll-free,
available 24 hours, 7 days a week).
Did you
know...
- All employees who are admitted to this hospital have
their record audited on discharge to ensure that no unauthorized person
viewed their information.
- Looking at a spouse or significant other’s protected health
information (information in Oacis or Practice Partner, etc) without
prior written permission is a HIPAA violation and subject to
disciplinary action.
- More than 300 audits were done on employee records last
year.
- You need prior written authorization to view the protected
health information (PHI) of your child 16 years or older, regardless of
who is guarantor for the insurance/medical bill.
- Three employees were terminated during the past year for
unauthorized viewing of patient information.
- Request an audit of your protected health information in
Oacis or Practice Partner by contacting Sharon Knowles at the HIPAA
Compliance Office (792-4037) or e-mail knowles@musc.edu.
Friday, April 14, 2006
Catalyst Online is published weekly,
updated
as needed and improved from time to time by the MUSC Office of Public
Relations
for the faculty, employees and students of the Medical University of
South
Carolina. Catalyst Online editor, Kim Draughn, can be reached at
792-4107
or by email, catalyst@musc.edu. Editorial copy can be submitted to
Catalyst
Online and to The Catalyst in print by fax, 792-6723, or by email to
catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Island
papers at 849-1778, ext. 201.
|