A HIPAA message -- a breach of confidentiality

picture disc.HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. This HIPAA-related message is part of UNMC's continued effort to educate employees. Today's HIPAA message addresses a breach of confidentiality.

Question: What is a breach of confidentiality?

Answer: All workforce members have a duty to protect confidential information. Breach of this duty includes the following:

  • Accessing confidential information, in any form, without a "need to know" to perform assigned duties. Workforce members are prohibited from accessing their own records and records of family members, relatives and others, unless access is necessary to perform assigned duties.
  • Assisting an unauthorized user to gain access to a secured information system.
  • Leaving confidential information unattended in a non-secure area.
  • Falsifying information.
  • Disclosing confidential information without proper authorization.
  • Discussing confidential information in the presence of individuals who do not have the "need to know" to perform assigned duties.
  • Improper disposal of confidential information.
  • Disclosing that a patient is receiving care (except for authorized directory purposes).
  • Transferring confidential information in any form without both parties having a need to know.

Individuals who breach confidentiality are subject to corrective action up to and including termination of employment. In addition, civil and criminal penalties can be assessed under HIPAA for PHI violations.

For further information refer to: Privacy, Confidentiality and Information Security Policy.

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.