What Nurses Really Need to Know About HIPAA
By Kathleen LePar, RN, MBA
Senior Consultant
Beacon Partners, Inc.
By now most nurses have probably been introduced to the Health Insurance Portability and Accountability Act, which has happily been reduced to “HIPAA.” The name itself is foreboding, but once we take a closer look and abide by guiding principles, it will start to be part of your everyday life. At first glance, health care workers may recognize this legislation, especially the Privacy Rule, as that “same old confidentiality issue.” But is it?
Confidentiality is a huge issue and is certainly linked to patient privacy. These issues are of the utmost importance in protecting trusting relationships between patients and health care providers. Nurses see patients at their most vulnerable times and are intimately involved with patient care, including access to the patients’ medical records.
A key role in nursing is based on a trusting relationship between the nurse and the patient so that quality patient care can be provided. Because of the trust patients place in the nurse’s hands, information is disclosed regarding individual and family medical history, as well as social and economic information.
Confidentiality and protecting the privacy of this information is not new to nursing and goes back further than you think possible. In 1893, Mrs. Lystra E. Getter and a committee for the Farrand Training School for Nurses in Detroit, Michigan modified the “Hippocratic Oath” and authored the “Florence Nightingale Pledge” to honor the founder of modern nursing. The Florence Nightingale Pledge is still recited today and reflects the value nurses place on protecting privacy as noted in these immortal words: “…and will hold in confidence all personal matters committed to my keeping and all family affairs coming to my knowledge in the practice of my calling.”
The nursing profession takes this pledge very seriously and continues to define this important promise we make to our patients on a daily basis. In 1985, the Code of Ethics for Nurses was drafted, and revisions by the American Nurses Association (“ANA”) as of June 23, 2001 reflect the following in regard to privacy and confidentiality:
“3.1 Privacy - The nurse safeguards the patient's right to privacy. The need for health care does not justify unwanted intrusion into the patient's life. The nurse advocates for an environment that provides for sufficient physical privacy, including auditory privacy for discussions of a personal nature and policies and practices that protect the confidentiality of information.
3.2 Confidentiality - Associated with the right to privacy, the nurse has a duty to maintain confidentiality of all patient information. The patient's well-being could be jeopardized and the fundamental trust between patient and nurse destroyed by unnecessary access to data or by the inappropriate disclosure of identifiable patient information. The rights, well-being, and safety of the individual patient should be the primary factors in arriving at any professional judgment concerning the disposition of confidential information received from or about the patient, whether oral, written or electronic. The standard of nursing practice and the nurse's responsibility to provide quality care require that relevant data be shared with those members of the health care team who have a need to know. Only information pertinent to a patient's treatment and welfare is disclosed, and only to those directly involved with the patient's care. Duties of confidentiality, however, are not absolute and may need to be modified in order to protect the patient, other innocent parties and in circumstances of mandatory disclosure for public health reasons.”
It is clear that part of our roles as health care workers is to protect patient privacy. We have always drawn curtains and closed doors to promote the physical privacy of our patients. And how many times have we been told not to discuss patient information in public areas such as elevators and cafeterias? Therefore, it seems that the nursing profession is very aware of privacy and confidentiality. But does this mean that there is no need for nurses to dig deeper in regard to HIPAA and, specifically, the Privacy Rules?
The Florence Nightingale Pledge and the Code of Ethics for Nurses provide guidance, as does HIPAA, but each and every nurse must embrace this guidance in every instance as a health care provider. It is not good enough to recite what we know should be the values we subscribe to; we must make them part of our everyday practice. Are we really doing that now?
The HIPAA Privacy Rules involve many old issues with nuances necessary for regulatory requirements. It is extremely important (in fact it is the law) to attend training courses regarding these Privacy Rules and to understand the policies and procedures your employer has drafted or will draft to guide employees toward compliance with these very important rules.
Let’s take a look at some of the HIPAA Privacy Rules and equate them to scenarios that we as nurses can relate to in our work experiences. Can you identify a breach of privacy that you may have participated in unknowingly?
1. Organized Nurse
You just finished your shift and take a few minutes to look over all of your notes on the patients in your care. The notes contain each of the individual patients’ names and notations of their complaints, concerns, treatments, medications, and symptoms. You are done with the information on this paper. What should you do?
Health care information used to identify an individual can take many forms. Under this new law, this is referred to as protected health information (“PHI”). PHI can be written on paper or in a chart, spoken in person or on the phone, stored in a computer or PDA, or sent by an e-mail or fax.
Sometimes this information is limited and may just be a note, but if that note can identify an individual in any way (age, name, address, medical record number, Social Security number, date of admission, or any of many other identifiers) and is connected with health information (diagnosis, treatments, medications, etc.), it must be kept confidential. It is your responsibility to protect all information and dispose of it properly.
So… “What should you do?”
- The notes identify patients and contain health information. Even though not part of the patients’ medical record, the notes are considered PHI.
- Dispose of all notes or documents containing PHI by placing them in locked shredding bins or directly shredding the material.
2. Concerned Nurse
You are a nurse in the Emergency Department (“ED”). Earlier in the week you took care of your neighbor while she was in the ED. After initial treatment the doctor admitted her to the Intensive Care Unit (“ICU”). You would like to see how she is doing now. You can access her lab results on the computer system, and you know several nurses in the ICU. What should you do?
The minimum necessary standard requires that the health care provider make reasonable efforts to limit disclosure of PHI to the minimum amount necessary to accomplish the intended purpose of its use. A policy identifying which practitioners and staff will have access to patient information and under which circumstances will need to be put in place by your institution. The standard does not apply to disclosures to providers for treatment purposes or to the individual patient.
So… “What should you do?”
- While you were caring for the patient in the ED, you had a need to know PHI in order to care for the patient.
- You may still have access to the system that contains information about this patient, but you no longer need to know this information as a nurse in the ED.
- It is understandable that you are concerned, but the best course of action is to visit your neighbor and ask her how she is doing.
- Do not ask the nurses in the ICU to share this information with you as that constitutes a breach of privacy committed by the ICU nurse as well as by you.
3. Helpful Nurse
You are working on a nursing unit. A gentleman stops you in the hallway and asks you if you can direct him to Mrs. Jones’ room. He states that he is her husband. You are not taking care of Mrs. Jones but can easily look on your report sheet to direct him to his wife’s room. What should you do?
Hospitals list certain information in inpatient directories. This information contains the patient’s name, room number, condition, and religion and may be given to visitors, florists, clergy, etc. This has been normal practice in hospitals across the nation. This practice may continue, although under HIPAA guidelines the patient must now have the opportunity to “opt out” of the directory or restrict the amount of information given.
So… “What should you do?”
- If a patient opts out of the directory completely, employees cannot give any information to visitors or callers and cannot even verify that the patient is in the facility.
- If you are unaware of the patient’s wishes, whether or not he/she has chosen to opt out, you must direct all questions to the information desk or the nurses’ station.
4. Talkative Nurse
You are done with your shift and walking out with co-workers. It was an extremely busy day, and as you leave the floor you continue to discuss many issues concerning patients. You don’t mention their names, but the information clearly identifies these patients. What should you do?
Some situations arise that cause PHI to be disclosed unintentionally or through incidental disclosure. For example, a hospital visitor may overhear a patient’s confidential conversation with his/her physician or may overhear physicians and students on rounds.
HIPAA permits certain incidental uses and disclosures to occur when reasonable protections are put in place to minimize that likelihood. It is important to make sure that you put as many safeguards in place as possible to protect privacy of patient information.
So… “What should you do?”
- Don’t discuss patients or their conditions in public areas, such as the cafeteria, hallway, elevator, or lobby.
- Only discuss confidential patient information with others if there is a need to know.
- Recognize that even small amounts of information can clearly identify a patient in many cases.
5. Troubled Nurse
You notice that an employee shares her password with employees who are not allowed access to the system or looks up information for them. You tell her that this is a breach of privacy, and she states the following: “Whatever. Everyone else does it and it doesn’t hurt anyone.” What should you do?
HIPAA expects all employees to follow the privacy policies. These new regulations require a complaint reporting system. If a breach of privacy is done continually and all other efforts are exhausted, a complaint should be filed following the steps described in your institution’s policy and procedure manual regarding the reporting process.
So… “What should you do?”
- Inform your co-worker that sharing her password constitutes a breach in privacy and endangers the entire system containing PHI.
- Breaking HIPAA’s Privacy or Security Rules can mean either civil or criminal penalties.
- Ask the individual how she would feel if others accessed her PHI without the need to know.
- You should report this breach by following the process outlined in your organization’s policy and procedure manual.
As you can see, none of the nurses in the above scenarios intended harm or intended to breach the privacy of PHI, but the end results could actually cause patients’ privacy to be violated. We must always stop, put ourselves or our loved ones in these situations, and ask how we would want our PHI cared for. Now is the time to pull out the stops and excuses and forge ahead, to get involved and to become a key to HIPAA implementation and compliance.
The issues discussed in this article represent a mere sampling of the HIPAA Privacy Rule. HIPAA gives patients many rights in regard to protecting their health information, all of which you should become familiar with. The HIPAA Privacy Rule also requires health care facilities to provide patients with a notice. This notice must advise patients of their rights and tell them how your facility uses and shares their PHI. This notice is called the “Notice of Privacy Practices.”
Remember, every time a nurse discusses a patient, requests health information, sends information, and coordinates a referral, he/she must be conscious of the need to comply with HIPAA Privacy Regulations. It is your job to attend training and be knowledgeable of the policies and procedures that will guide you to HIPAA compliance and thereby protect the privacy of your patient’s PHI.