What is HIPAA?

Source: JoshuaChow 2011-03-01 16:39:12
This post was edited by JoshuaChow on 2011-03-01 17:58:21.

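Medical professionals in the United States are thoroughly familiar with HIPAA. But many Chinese people working in clinical practice and clinical research are badly lacking in the relevant legal knowledge and break the law unintentionally; some have been punished as severely as imprisonment. So what is HIPAA? Read the provisions below, and they will surely make you proceed with care: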

You likely hear the word HIPAA often at work.  HIPAA refers to the Health Insurance Portability and Accountability Act (Public Law 104-901), signed into law on August 21, 1996.  The purpose of this law was to improve the efficiency and effectiveness of the health care system by standardizing the electronic exchange of administrative and financial data.  Under HIPAA, Privacy and Security Rules are defined.

The Privacy Rule provides the first comprehensive set of federal privacy protections. It establishes a balance by providing consumers with personal privacy protections and access to high-quality health care. The Security Rule requires the implementation of appropriate security safeguards for electronic health information and to protect individuals’ health information, while permitting the appropriate access and use of that information.

We are fortunate to have robust system and access controls; however, the weakest link is the individuals who forget or disregard rules or intentionally commit violations. For example, your system password is the same as signing the work done under that sign-in, and you are legally responsible for anything done under that password, whether you did it or not. You should log off when you leave your workstation and at the end of your shift. You should not share your password. Another example is when you print out individually identified health information unnecessarily and it becomes misplaced, or when individually identified health information is printed for business purposes and not disposed of properly into a shredder bin when no longer needed. If it is not necessary to print it, don’t print it.

Here are two expensive examples of sanctions imposed by the US Department of Health Services Office for Civil Rights against large healthcare providers.  It is important to understand too, that the following penalties are personally available:

1. Civil violations
    a. Maximum monetary penalty of $100 per violation capped at $25,000 for all violations of the same requirement by the same person per calendar year.

2. Criminal violations occur under the following circumstances and result in the noted penalties:

    a. Knowingly committing an act
          i.      Fine not more than $50,000, imprisonment for not more than one year, or both;

    b. Committed under false pretenses
          i.      Fine not more than $100,000, imprisonment for not more than five years, or both;

    c. Committed with the intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious harm
          i.      Fine not more than $250,000, imprisonment for not more than 10 years, or both.

If you have any questions or concerns about Privacy and Security, you have access to different resources.  Speak with your Facility Privacy Official or with your Supervisor, Manager or Director.

 


