The HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
HIPAA Privacy Protected Health Information (PHI) includes:
Patient name, address, date of birth, social security number, all content of the medical record, medications etc.
Confidential Information is not to be shared inappropriately at work or away from work, via email, text, page, written format, social media, photos, video, verbal disclosure, fax or other.
Examples of Privacy Breaches:
- Announcing patient name or diagnosis loudly in a lobby area.
- Verbal disclosure of patient’s health issues to others who are interested, but who have no job-related need to know.
- Visiting a patient who is hospitalized, without their permission.
- Disposing anything with a patient name on it in regular trash.
- Sharing of a patient’s name or diagnosis or need of transplant to family or friends.
- Leaving voicemails or messages pertaining to protected health information, without their permission.
- Disclosing patient presence in hospital.
- Leaving health records or census sheets open and unattended. Leaving PHI in hall, restroom or library.
- Talking about your patients in a public place like the cafeteria or hair-dressers, or grocery store.
- Talking about medical information in front of patient’s family without the patient’s permission.
I understand that as a Volunteer with Kidney Companions I am obligated by federal HIPAA Privacy law and policies to protect patient privacy and all confidential information from unauthorized use and disclosure. I understand that even a patient’s presence in a hospital, clinic or if they are being treated in their home, is confidential information under HIPAA. I understand that volunteers may be subject to civil and criminal fines and penalties for privacy breaches. I acknowledge that as part of my volunteer training with Kidney Companions, I have received adequate information pertaining to HIPPA, including confidentiality and privacy of protected health information.
Confidential Information is defined as any Patient and/or Business information obtained through the course of your volunteer service with Kidney Companions.
“Patient Information” shall be considered any information regarding a patient obtained or learned while providing volunteer services. Such information may include, but is not limited to, financial and social data medical record, medical history, diagnosis, condition, or treatment. Patient Information also includes information learned from committee meetings and reports, census sheets, surgery schedules, physician office records, x-ray films, lab results, and incident reports. All information Volunteers learn about patients is “protected”. Even the fact that patients are participating in Kidney Companions should not be re-told to others who have no job-related need to know.
TERMS OF AGREEMENT
I agree to support a culture of compliance with HIPAA privacy laws and to advocate for and protect patient privacy.
I agree to not access or disclose any confidential information I learn or am exposed to as part of my volunteer duties. I will seek the minimum amount of confidential information necessary to carry out my volunteer duties. I agree to not post patient information on social media, and agree not to share protected patient information by email, phone, or text. I understand that photos of patients, their families, or of staff are not permitted, without their express written permission.
I understand that my obligation to maintain confidentiality of information extends beyond the length of my volunteer service with Kidney Companions. I agree to maintain confidentiality of such information as long as it is known to me. I understand that I may not remove any hardcopy and/or electronic files of information from the premises. I understand that verbal disclosures may also be viewed as a privacy breach.
If I hear of or see a privacy breach, I will report it to Kidney Companions leadership the same day or as soon as possible. I understand that if a patient complains to the Office of Civil Rights about a privacy breach by a Volunteer, both the Volunteer and Organization could be subject to large fines.