HIPAA – HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996
Title II of the Health Insurance Portability and Accountability Act of 1996 requires the protection of all individually identifiable health information. This protected health infor- mation must be kept confidential whether electronic, paper, or oral. In order to satisfy HIPAA compliance, the Southern Union State Community College Health Sciences Programs requires each hand-held device to be password protected, and all information to be deidentified. Due to the seriousness of this policy HIPAA violations will be considered a severe offense and therefore the consequences will be severe.
CONFIDENTIALITY/ HIPAA
All patient/client information is confidential. Protecting patient confidentiality is the law. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 came into effect in April 2003. Noncompliance can result in monetary, civil and criminal penalties.
Southern Union State Community College Health Sciences division takes HIPAA violations very seriously. In order to help preserve patient confidentiality, levels of HIPAA violations have been developed and will be strictly enforced for every student that is enrolled in Health Sciences courses at Southern Union. This policy consists of 3 levels of violations with repercussions outlined in each level.
Records of student violations of the SUSCC Confidentiality/ HIPAA policy will be maintained in the student’s file.
LEVEL 1:
Constitutes an act of negligence.
Examples of a level one violation include but are not limited to:
-
Leaving patient information unattended.
-
Turning in assignments with a patients’ name attached.
-
Sharing passwords with other classmates.
-
Not signing off of a computer in the clinical setting.
-
Not password protecting any personal device that is used to record patient information.
The Level 1 violation will result in a student being given a reprimand (STA, Clinical unsatisfactory etc.) and counseling by instructor. A Level one violation carries over to subsequent semesters.
LEVEL 2:
Repeat violation of a level one incident within the same semester or subsequent semester in a Heath Science program (does not have to be the same incident) will result in a level two violation.
Intentional violation of the SUSCC Confidentiality/ HIPAA policy. Examples of a level 2 violation include but are not limited to:
-
Unauthorized access to patient records.
-
The discussing of Patient’s, Patient’s family and or visitors’ information with others not involved in the patient’s care
-
Discussing Patient, Patient’s family and or visitors’ information on social media sites
-
Discussing of Patient’s, Patient’s family and or visitor’s information where as others not involved in the direct care of the patient may overhear your conversation.
-
Sharing/Discussing the identity of a Patient, Patient’s family and or visitors outside of the clinical setting, even if not discussing information regarding their care.
The level 2 violation will result in the student receiving a clinical failure for the course that the offense took part in. Additionally, the student will be academically withdrawn from all health sciences courses. The student will have to go through the application process for possible re-admission to the program. This offense will stay in the student’s permanent file. If readmitted to a health sciences program, any further violation of the SUSCC HIPAA policy will automatically move the student to a Level 3 violation.
• Students should not discuss patient/client information with anyone
except for clinical personnel and those in the Health Science program
LEVEL 3:
Additional violation of the SUSCC Confidentiality/ HIPAA policy after already receiving a Level 2 violation or a malicious offense used to cause harm to a person, or used for personal gain.
The level 3 violation will result in student receiving a clinical failure for the course that the offense took part in. Additionally, the student will be academically withdrawn from all health sciences courses. The student will not have the option of returning to that program or any program of study in the Health Sciences Division.
The following are some general guidelines for students regarding HIPAA compliance:
- Students should not discuss patient/client information with anyone except for clinical personnel and those in the Health Science program who are involved in your education and adhere to the same confidentiality (e.g., faculty, graduate colleagues).
-
Client records should never leave the clinical agency.
-
Students should never save patient/client sensitive information (with identifying information) on their computers.
-
E-mail correspondence with faculty should also be treated confidentially and identifying information about patients/clients should not be included.
-
All documentation related to clinical clients must be treated as a legal document and confidentiality respected and maintained.
-
Client names should not be included in clinical paperwork, case presentations, or on notes.
-
Photocopying of client records is NOT permitted in any clinical setting.
-
Records should not have client’s names or initials when turned in for clinical paperwork
-
Students should NEVER discuss ANY information, no matter how insignificant it may seem, on any social media site.
-
All violations of the SUSCC confidentiality/ HIPAA will remain active for two years after the incident or until the completion of the currently enrolled program (whichever is longer) regardless of the program. The active violation will transfer to any Health Science program from any other Health Science program
*Note: For more information regarding HIPAA, visit http://www.hhs.gov/ocr/privacy/.