The following excerpt is from information published and distributed by UCLA Health System:
Every patient has a right to privacy and it is every employee's responsibility to protect that confidentiality. This means keeping information about patients and their health care private. Both federal law (the Health Insurance Portability and Accountability Act or "HIPAA") and California state law require the protection of all Patient Identifiable Health Information, including all identifiers, images and other information which could be used to determine the identity of a patient. The privacy laws apply to all forms of patient health information, including paper, electronic and verbal information. Unauthorized use of UCLA's information systems, which includes inappropriate view, review, access and/or disclosure of medical and personal information can result in disciplinary action (up to and including termination), notification to the government, fines and reporting to licensing boards, and may constitute grounds for either civil or criminal actions. Do not share your password and LOG OFF when you leave the workstation.
Staff are required to only use or access that amount of patient information that is minimally necessary to complete a task, responsibility or function. Staff are required to only use and access information on patients for whom they are providing care, or which they need the information to complete a task that is part of their responsibilities.
Confidential information includes a wide variety of information about a patient's health care. Examples of confidential information include:
Patient identifiers such as medical record number, name, date of birth, Social Security Number, address, phone number, contact information, photographic images and any other unique code or characteristic that could be used to identify an individual patient
Details about illnesses or conditions (particularly AIDS, psychiatric conditions, genetic testing or alcohol/drug abuse)
Information about treatments
Health-care provider's notes about a patient
Patient billing information
Conversations between a patient and a health-care provider
General patient information in the facility directory such as patient name and condition may be released as provided by California state law and federal privacy regulations without the patient's specific authorization unless the patient requests that they not be listed in the facility directory or census. Your department may have special rules regarding when to release this information. Please consult with your supervisor or manager before releasing information.
Patients have certain rights granted under federal and state law to control their protected health information, including the right to access and receive a copy of their health information, request addendums to or changes to their health information, request restrictions on how and to whom their information is used or disclosed, request alternate methods for communicating with them, and to obtain a list of individuals or organizations to whom UCLA Health System has provided access to their information. These rights apply to both the patient's medical and billing ...