HIPAA
abbreviation for Health Information Portability and Accountability Act of 1996
HIPAA Privacy Rule
Law that ensures privacy for patient and pts. records- Office of Civil Rights
- establishes national standards to protect individual's health information
- civil and criminal penalties exist for non-compliance
What a health care provider may disclose about a patient regarding their medical information?
only minimum information to any insurance or other provider.
Rules r/t HIPAA Law:
#NAME?
Security methods to handle medical charts /information in health care institution
administrative procedures must be in place for guarding data, confidentiality, integrity, and locked access to medical records
Reasons why any medical /clerical person has access to medical records
#NAME?
Confidentiality (expanded version)
#NAME?
Breach of Confidentiality exceptions
- information may be disclosed when failure to do so could cause serious harm to patient, family, facility staff, or others
- law requires disclosure in some situations
- case law requires duty to disclose a patient's threat of imminent physical harm against another identifiable person
Medical information exceptions for HIPAA:
#NAME?
HIV disclosure
laws vary per state; Many states have adopted special statutes to deal with HIV notification for medical professional & others.
Medical/ nursing student confidentiality rules
- When you are a student in a clinical setting compliance with HIPAA is part of professional practice
- You can review your patients' medical records only for information needed to provide safe and effective patient care
- You do not access the medical records of other patients on the unit
- Access to electronic health records is traceable through user log-in information
Privacy definition
- the right to keep some information to themselves and to have it used only with approval
- the right to be free from unreasonable intrusion into one's private affairs
- the right to make choices without outside interference
- right to autonomy, Justice, Human Dignity
Methods to ensure privacy in a Health Care facility
#NAME?
Informed Consent
- a patient/ client or person's agreement to allow a procedure like surgery or invasive procedure based on full disclosure of risks, benefits, alternatives, and consequences of refusal
- a legal and bioethical issue
- the process of understanding the risks and benefits of treatment
- open, direct, honest exchange of information
Basic Elements/Components of Informed Consent
- Full Disclosure
- Comprehension
- Voluntary (without coercion)
- Competency/capacity to make decision
-
When is a patient incapable of making informed consent?
#NAME?
Professional Boundaries
- the spaces between the nurse's power and the patient's vulnerability
Boundary Violations
#NAME?
Boundary Crossings
brief excursions across boundaries that may be inadvertent, thoughtless, or even purposeful if done to meet a specific therapeutic need ex. hugging pt.
date HIPAA law enacted
year 1996
Who must follow HIPAA & Confidentiality in helath care facility?
all medical personnel in any medical facility: RN's, LPN's, Drs., OT, PT, Rad Tech, Med Tech in lab, pharmacists, Athletic trainer, housekeeper, maintenance workers, unit secretaries, nursing assistant, all personnel in office, clinic or hospital
confidentiality (simple version)
Means that information about the patient must remain private & can be shared only with other members of the health care team.
HIPAA rules Set #1
Pick an area where privacy may be maintained when asking questions or counseling pt. or family
Ask pt. to talk softly in ER, Hallway& other open areas to avoid others listening
Computer screen blockers must be on all medical computer & have password protected.
Never leave charts unattended in nurses' station. Never discuss pt. information in open areas, lunchroom, break room nurses station.
Never leave with record from nurses station, if a student.
If record is needed for a test or transfer, write & report to person at the nursing unit stat.
HIPAA rules Set #2
Never use white out on a legal record or chart ahead .If mistake made, one single black line thru word & error in charting above with your initials. It is illegal.
Pt identity is protected by nurses. We have a do not notify if pt. is in hospital rule, whereby we do not let pts. Calling on phone that the pt. is in the hospital ex. Battered women & young teenage mother with abuse problem of father/family, child custody cases. Protect their anonymity.
Never discuss pt. condition with another pt. or anyone in the family unless pt. OK's this practice.
Gossiping about pts. is ethically wrong.
Copying medical charts, parts of record or lab results is illegal.
Refrain from immoral, unethical & illegal practices .If you see a medical person
doing anything illegal, you must report the incident to the proper authorities.
Report any suspicious behavior with medical records & guard your pts. Privacy.
Written permission to obtain records from pt. must be given for anyone to receive your medical records.
Action: if you meet family member @ hospital
Wait to be acknowledged & then go over to speak to your family member or neighbor. Do not ask what are they are doing in hospital instead tell them what you are doing here? Let them tell you...
action: if a teacher asks for details about a patient or hospital event
just say that you do not know or say that if you knew details that you could not release that to anyone outside of hospital due to HIPAA.
Examples of Breaches of Confidentiality
Talk about pt. to family member or friend without notifying pt.
Send record to insurance co. without written permission, wrong site or wrong fax #
Leave record unattended or out to be read & copied.
Maliciously sell pt. information to tabloids for $$$$
Allow others to steal or misuse medical record s or information with your knowledge.
Gossip to anyone about PHI & then it is proven that you spread that rumor.
Penalties per HIPAA violation
Average amt. designated by law for each breach by an agency = $25,000.
Loss of job, loss of professional license, loss of trust by your employer & lawsuit naming "YOU"!
Confidentiality breach : can it stop your education in college?
Yes, this can also lead to permanent removal from medical program
Confidentiality breach: can you be fired as a health care worker?
Yes, may find very difficult to find a new job with this on your record.
Confidentialitybreach: can you be sued personally?
Yes, usually for large sums of money$$$
Confidentiality breach: can you criminally tried & put in jail with jail time?
Yes, there have many cases with malicious intent where medical information was sold to press & these cases will go to trail & punishable by prison sentencing.
Covered Entities/ or places where HIPAA applies
Hospital, clinics, health unit, Drs. Office, any health care institutions, Insurance & billing offices, 3rd party billing, or any entity that has a need to view & handle pts. Medical records
Confidentiality statement for all Employees & Health Care Workers (HCW)
signed statement by employee that handles any protected health information(PHI) ; written explanation of medical record handling & confidential rule for all hospital personnel to follow; it is part of employment orientation & must be completed before working in any health care facility
PHI (Protected Health Information)
any patient/client information that is found in medical chart/ or any information that is given from the pt., family or his chart or that is collected during admission, hospital stay or at time of discharge.
Medical records rules
1. records are kept 21 yrs & burned, shredded to destroy, or given to disposal company, 2. you have right to see your record & may obtain copy, 3. may have to pay small fee, 4. allow all care givers access, but not family members or nosy nurses that are not caring for pt., 5. never COPY any part of record/ chart, 6. never take a picture with phone , release information ., 7. fax or place information on internet for any reason.
DO NOT PUBLISH PATIENT
special group that asks not to acknowledged, while in a health care facility. Nurses, Drs, & students must know how to handle this situation for safety of patient.
Patient Self-Determination Act( 1990-91)
a federal law, and compliance is mandatory. It is the purpose of this act to ensure that a patient's right to self-determination in health care decisions be communicated and protected.
confidentiality
Respecting the privacy of both parties and keeping details secret
Persons responsible for HIPAA in a hospital
any health care worker that has direct or indirect care of the patient or their records
privileged communication
comprise all information given to the health care personnel by a patient; it cannot be told to anyone else without written consent of the patient.
health care records
records that contain information about the care provided to the patient
authorization for release of information
signed form that specifies that medical information may be shared to another entity with the full permission of the patient
computerized medical records
records of the pts. medical information found on computer that must be protected from prying eyes & persons that have no right to see this information