Ya it's boring, but it's serious...
Just about everyone has heard of HIPAA; it is especially drilled into all health care workers, for obvious reasons. The whole purpose of HIPAA is to protect sensitive information from becoming public knowledge. HIPAA can be confusing, but it is also fairly simple. The biggest phrase to remember is "Is the information, or access to the information, necessary to perform my job?" If the information is not a necessity and you access it anyway, you are in violation of HIPAA. This pertains even to your personal records, your spouse's records and your family's records.
The seriousness of the violation can be summed up in the following paragraph:
"Even if a person is the victim of an egregious violation of the HIPAA Privacy Rule, the law does not give people the right to sue. Instead, individuals must file a written complaint with the Secretary of HHS via the Office for Civil Rights. It is then within the Secretary’s discretion to investigate the complaint. HHS may impose civil penalties ranging from $100 to $25,000, and criminal sanctions ranging from $50,000 to $250,000—with corresponding prison terms—may be enforced by the Department of Justice."
All hospitals must self-report any violation that is observed in their organization. Usually this leads to immediate termination. Also, it is worth noting that even minor violations can land a person on the National Database that will prevent any organization that participates in federal programs from hiring the violator. Essentially, if you violate HIPAA you won't be working in the health care field again.
MPMC will be increasing its security presence around HIPAA-related issues. Also, we will be enforcing the rules and penalties. I, myself, am astounded at how well the security system monitors for HIPAA violations. So please...don't be the one that causes a jellybean (red flag) to be sent to our HIPAA administrators...
Here are a few HIPAA Myths/Facts:
Myth #1 Health care providers can share personal health information with employers.
FACT
Myth #2 One doctor’s office cannot send a patient’s medical records to another doctor’s office without that patient’s consent.
FACT
Myth #3 The HIPAA Privacy Regulation prohibits or discourages doctor–patient e-mails.
FACT
Myth #4 Hospitals are prohibited from sharing information with the patient’s family without the patient’s express consent.
FACT
Myth #5 A patient’s family member can no longer pick up prescriptions for the patient.
FACT
Myth #6 The Privacy Regulation mandates new disclosures of patient information.
FACT
Myth #7 Patients can sue health care providers for not complying with the HIPAA Privacy Regulation.
FACT
Myth #8 Patients’ medical records can no longer be used for marketing.
FACT
Myth #9 If a patient refuses to sign an acknowledgment stating that he or she received the health care provider’s notice of privacy practices, the health care provider can, or must, refuse to provide services.
FACT
Myth #10 The HIPAA Privacy Rule imposes many new restrictions on hospitals’ fundraising efforts so that fundraising becomes almost impossible.
FACT