12 - Confidentiality

LAST REV DATE: 08/05/2015

Applies to all UCLA Health “workforce members” including: employees, medical staff and other health care professionals; volunteers; agency, temporary and registry personnel; and trainees, house staff, students, and interns (regardless of whether they are UCLA trainees or rotating through UCLA Health facilities from another institution).

It is the responsibility of all UCLA Health workforce members, as defined above, including employees, medical staff, house staff, students and volunteers, to preserve and protect confidential patient, employee and business information.

The federal Health Insurance Portability Accountability Act (the “Privacy Rule”), the Confidentiality of Medical Information Act ( California Civil Code § 56 et seq.) and the Lanterman-Petris-Short Act ( California Welfare & Institutions Code § 5000 et seq.) govern the release of patient identifiable information by hospitals and other health care providers. The State Information Practices Act ( California Civil Code sections 1798 et seq.) governs the acquisition and use of data that pertains to individuals. All of these laws establish protections to preserve the confidentiality of various medical and personal information and specify that such information may not be disclosed except as authorized by law or the patient or individual.

Confidential Patient Care Information includes: Any individually identifiable information in possession or derived from a provider of health care regarding a patient's medical history, mental, or physical condition or treatment, as well as the patients and/or their family members records, test results, conversations, research records and financial information. (Note: this information is defined in the Privacy Rule as “protected health information.”)

Examples include, but are not limited to:

• Physical medical and psychiatric records including paper, photo, video, diagnostic and therapeutic reports, laboratory and pathology samples;
• Patient insurance and billing records;
• Mainframe and department based computerized patient data and alphanumeric radio pager messages;
• Visual observation of patients receiving medical care or accessing services; and
• Verbal information provided by or about a patient.

  Confidential Employee and Business Information includes, but is not limited to, the following:

• Employee home telephone number and address;
• Spouse or other relative names;
• Social Security number or income tax withholding records;
• Information related to evaluation of performance;
• Other such information obtained from the University’s records which if disclosed, would constitute an unwarranted invasion of privacy; or
• Disclosure of Confidential business information that would cause harm to UCLA Health.
• Peer review and risk management activities and information are protected under California Evidence Code section 1157 and the attorney-client privilege.

I understand and I acknowledge that:

1. I shall respect and maintain the confidentiality of all discussions, deliberations, patient care records and any other information generated in connection with individual patient care, risk management and/or peer review activities.
2. It is my legal and ethical responsibility to protect the privacy, confidentiality and security of all medical records, proprietary information and other confidential information relating to UCLA Health and its affiliates, including business, employment and medical information relating to our patients, members, employees and health care providers.
3. I shall only access or disseminate patient care information in the performance of my assigned duties and where required by or permitted by law, and in a manner which is consistent with officially adopted policies of UCLA Health, or where no officially adopted policy exists, only with the express approval of my supervisor or designee. I shall make no voluntary disclosure of any discussion, deliberations, patient care records or any other patient care, peer review or risk management information, except to persons authorized to receive it in the conduct of UCLA Health affairs.
4. UCLA Health Administration performs audits and reviews patient records in order to identify inappropriate access.
5. My user ID is recorded when I access electronic records and that I am the only one authorized to use my user ID. Use of my user ID is my responsibility whether by me or anyone else. I will only access the minimum necessary information to satisfy my job role or the need of the request.
6. I agree to discuss confidential information only in the work place and only for job related purposes and to not discuss such information outside of the work place or within hearing of other people who do not have a need to know about the information.
7. I understand that any and all references to HIV testing, such as any clinical test or laboratory test used to identify HIV, a component of HIV, or antibodies or antigens to HIV, are specifically protected under law and unauthorized release of confidential information may make me subject to legal and/or disciplinary action.
8. I understand that the law specially protects psychiatric and drug abuse records, and that unauthorized release of such information may make me subject to legal and/or disciplinary action.
9. My obligation to safeguard patient confidentiality continues after my graduation from The David Geffen School of Medicine at UCLA.