Interim President and CEO
June 8, 2022
Dear Medical Providers and Staff,
I’m confident we can all universally agree on how much we value our personal privacy and the feelings we have when it’s violated. When a patient chooses us for their care, they confide in us with some of their most personal information. As medical providers and healthcare professionals, we depend on this information and its accuracy to provide care. We cannot do our jobs without it and we foster this relationship of trust with our patients through our reputation as well as how we treat them and their information.
A violation of patient privacy can occur when any of their demographic, financial, and/or health information is disclosed without the patient’s consent, as well as when protected health information is accessed by an employee without a demonstrated “professional need to know.” It’s important for us to reflect on the significant negative consequences, on our patients, employees, and organization when the confidentiality of our patient’s health information is betrayed.
For our patients, a HIPAA violation creates not only embarrassment but a long-term and far-reaching lack of trust in our healthcare system. Downstream, this can have lasting consequences on their long-term health if they are no longer comfortable seeking care. Breaching a patient’s privacy can tarnish our reputation for years to come, destroying the consumer confidence all of you work hard to build each and every day with every patient visit. Patients choosing us for their care is the sole reason we exist and reputational harm affects us all.
Under federal law, there are significant individual and organizational penalties including fines and/or imprisonment of up to ten years depending on the severity and intent of the violation. Employees who violate HIPAA will face an investigation by Corporate Compliance and Human Resources, with consequences up to immediate termination.
All of us, when accepting employment at Oneida Health, sign and take an oath to protect our patient’s private health information. Annually, we receive training through our in-service solutions to keep us up-to-date with HIPAA rules and guidelines. We take great pride in our Privacy Awareness Program. As important as it is for us to ensure we do not violate HIPAA ourselves, it is equally important for us to be stewards of all protected health information, as we all have a vested interest in it. This can range from reporting violations you observe to self-reporting, even in cases where the violation is unintentional. When a violation occurs, we are required to formally contact the individuals who have been affected as well as self-report the incident to various government agencies.
We share this with you today to reiterate that personal privacy matters, and we, just like our patients, hold a patient’s personal and protected health information sacred. Please take the time to visit or revisit our HIPAA education in our in-service solutions if you feel it is needed or reach out to Renee Olmsted, our Privacy Officer with any questions or concerns. We also would like to thank you, as we know on a day-to-day basis, that you collectively protect our patients’ personal health information as if it was your own.
Interim President and CEO