Patient Confidentiality: Public Health’s Sacred Trust

Public health surveillance is a cornerstone of public health practice…  and the effectiveness of that surveillance system rests on a foundation of patient confidentiality.  The public’s consent for allowing their personal medical information to be reported is made with the understanding that the data will be kept confidential.  The moment we jeopardize the trust, we put the entire public health surveillance system at risk- which would erode the effectiveness of the entire public health system.  For decades the U.S. and Arizona public health surveillance system has made it a core priority to protect patient confidentiality.  

We protect patient confidentiality with a number of safeguards- both using policy and technology.  Technological protections include making sure that we’re continually using I. T. best practices to stay ahead of the game.  Policy initiatives are designed to make sure that our staff respects patient confidentiality and is mindful of the importance of protecting this trust.  

For example… we require our entire team to take our HIPPA Training Course in their first 2 months on-board to help us create a culture of respect for our records. Refresher courses can be accessed in YES under Your Employee Services/Employee Training/Scheduled Training under “Annual HIPAA Awareness” (the HIPAA Privacy Refresher) and “Annual HIPAA IT Security” (the HIPAA Security Refresher).  On the I.T. side, we’ve installed a new secure e-mail product called Proofpoint E-mail Security Gateway, which ensures that e-mail encryption is automatically applied to outbound e-mails using algorithms that detect confidential and or protected health information based on patterns.  

Protecting patient confidentiality for the sake of our mission isn’t the only reason to take confidentiality seriously.  There are legal sanctions that the Agency is subject to if we don’t adequately protect confidential patient data.  There’s potential personal exposure as well. US Department of Justice fines against individuals start at $50,000-  with up to a year in jail and go all the way to $250,000 and up to 10 years if a person releases information for malicious harm. 

You get the idea…  it’s critical that we protect the personal health information that crosses our desks and computers- especially for those who work in our infectious disease and behavioral health areas, and the Arizona State Hospital.