Date post: | 14-Dec-2015 |
Upload: | jaheim-stringer |
HIPAA Basics: Privacy
2HIPAA Basics 2
The History of HIPAA
As health care providers, we have always been called upon to maintain the privacy and confidentiality of patient health information.
This is an ethical and legal obligation that we hold as nurses and as nursing students.
Until recently, patient medical records were recorded and maintained primarily on paper.
Records were then filed and stored in physician offices, hospitals, and other health care areas. These records were kept safe in locked cabinets or closets.
The History of HIPAA
With increasing technology, we are able to maintain electronic files that allow more flexibility in communicating information.
It is now easier to quickly share records between offices, clinics, and hospitals which results in minimized storage requirements.
In addition, we are better able to track and analyze data that helps improve quality of care while controlling costs.
Information Accessibility
According to the American Health Information Management Association (AHIMA), an average of 150 people have access to patient medical records during a typical hospitalization.
This may include: nursing staff, housekeeping, x-ray technicians, physicians, food service staff, billing clerks, etc.
Because so many people have access to patient information, it is our responsibility to ensure that medical files are accessed only by those needing that information to provide care.
The History of HIPAA
The U.S. Federal government passed a law in 1996 that created national standards to protect patient medical records and other personal health information.
This Federal legislation is called the Health Insurance Portability and Accountability Act (HIPAA).
The History of HIPAA
HIPAA went into effect on April 14, 2003.
It sets forth minimum standards that all facilities must follow to protect patient information.
The key term associated with these privacy rules is Protected Health Information or PHI.
PHI covers all of the following:
• Information used within a facility
• Verbal or written information
• Information stored in computer files
• Patient information stored in paper files
• Data shared between providers, payers or third parties
Failure to Comply
• Every health care organization is expected to develop policies and procedures to guide HIPAA practices within their facility.
• Every person who provides care or assistance to patients in that facility is expected to understand and comply with HIPAA regulations. It is essential that all patient health information be kept confidential.
• Organizations or individuals that violate HIPAA rules are subject to monetary fines (up to $250,000!) and civil or criminal charges (up to 10 years in jail!).
• Failure to comply may also: hurt the reputation of the facility, put accreditation at risk, result in costly lawsuits
HIPAA Goal
The goal of the HIPAA privacy program is to protect confidential information from improper use or disclosure.
What does this mean to you?
Administrative Requirements
Every agency must:
• Appoint a Privacy Officer.
• Develop policies and procedures that guide HIPAA implementation, evaluation and revision. These must include actions taken for those who do not follow the directives.
• Provide education on HIPAA and organizational policies/procedures.
• Develop a process for handling privacy related complaints.
• Ensure no retaliation occurs against someone who reports potential violations in good faith.
• Take appropriate action to minimize any harm that may result from breach of privacy.
• Ensure processes are in place to demonstrate compliance with documentation and record keeping.
YOUR Responsibility
You must protect confidential information about patients and use information only to perform your role as a student nurse in that agency.
It is your responsibility to be sure patient information is only disclosed to others who have a legal right to it.
What information needs to be kept private?
All information that identifies an individual is considered confidential.
This includes (but is not limited to): name, address, date of birth, phone/fax number, SS number, medical record or hospital number, room number, photographs, etc.
It also includes: nursing and physician notes, treatment plans, and billing/insurance records
HIPAA Patient Rights
HIPAA guarantees these rights to patients:
• Right to privacy
• Right to confidential use of protected health information (PHI) for treatment, billing, and other health care operations (such as quality improvement)
• Right to access and amend their health information upon request
• Right to provide specific authorization for use of their health information other than for treatment, billing and other operations
• Right to have their name withheld from patient directories (having their name not listed as being present in a facility other than for treatment, billing, and other operations)
• Right to request that information concerning their care is not released to specific individuals
• Right to request that specific individuals are not told of their presence in a facility
HIPAA Patient Rights
Every patient should receive a document called a Notice and be asked to sign an Authorization.
This Notice gives patients:
• Information about their rights.
• A description of how their PHI may be used by the facility.
• A comprehensive list of others to whom their health information may be disclosed.
The Notice must be given to the patient on the first treatment date or as soon as is practical in an emergent situation.
HIPAA Patient Rights
An Authorization is a form:
signed by the patient for use and disclosure of specific PHI that are not related to treatment, payment, or health care operations.
There are some uses and disclosures where an authorization is not required.
When in doubt about information for which a signed authorization is required….
~ Please ASK your instructor ~
HIPAA Patient Rights
What do YOU need to know?
Patients have the right to register complaints with Federal agencies and with the facility if they feel their rights have been violated.
Every facility has a Privacy Officer who is responsible for overseeing HIPAA implementation.
If you are uncertain about what information may be given out, talk to your instructor, a nurse on the unit where you are assigned, or contact the Privacy Officer.
Review Question
The goal of HIPAA is to catch staff sharing patient protected health information (PHI) with those who do not need the information....
True or False?
To see the correct answer, click NEXT.
Answer
FALSE
The goal of HIPAA is to protect confidential patient information from improper use or disclosure.
If you see an apparent violation, you should report it to your instructor who will immediately assist you in contacting the Privacy Officer.
Unauthorized Disclosures
One of the biggest threats to patient privacy is UNINTENTIONAL disclosure of information ~ Examples include:
• Discussing patient information where other patients, visitors or staff may overhear ~ such as in elevators, hallways, dining facilities, or other common areas.
• Leaving sensitive information in a location where patients or visitors could possibly see it.
Unauthorized Disclosures
Another threat to patient privacy is when a staff member intentionally uses or discloses information in an unauthorized way:
• Copying information and taking it home
• Removing medical records and giving them to those with no legal right of possession
• Deliberately sharing information with unauthorized persons (family members, friends, colleagues, news reporters, etc.)
• Using confidential information to gossip about patients
• Leaving a computer unattended after logging in to an application
• Sharing passwords with others or leaving passwords around a computer
Unauthorized Disclosures
Always be cognizant of:
• Where you are
• Who is around you
• What information can be seen or heard
• How you can “minimize possible incidental disclosure to others”
You must ensure that PHI is only shared:
• With those who need to know
• At the minimum level necessary
• In order to provide safe, effective, and efficient care
As a Student Nurse:
• Don’t browse through patient charts or files out of curiosity
• Access only portions of medical record that you need to perform your role as a student nurse
It is essential that everyone with access to PHI be aware of what is going on in their surroundings.
Review Question
One of the privileges of working in healthcare is that we have access to our friends’ and families’ PHI so we know when they have an illness….
True or False?
To see the correct answer, click on NEXT.
Answer
FALSE
We do not have a right to access health information for anyone, including family members, unless it is essential for patient care.
If you inadvertently view/hear patient information that is not necessary for you to provide care, you cannot share that information with anyone else.
Verify Identity
Before you can legally release PHI (in person, by phone, or in writing):
• You must confirm the identity of the person requesting
• Determine if the requesting person is entitled to the information
• Verify what specific information this person is permitted to have
How can you verify identity?
• A photo ID
• Password chosen by patient to ensure confidentiality
• Information known by those close to patient & who are permitted to access PHI (i.e., middle name, DOB, mother’s maiden name, name of HS/College, etc.)
Security Rules
Privacy Rules (which we have been discussing up to this point) identify what information is protected and define how and when PHI may be used or disclosed.
Security Rules (used in addition to Privacy Rules) apply to PHI that is sent electronically. These rules govern PHI that is being transmitted, used, or stored in electronic format.
KEY COMPONENTS
1. Physical Security: protects computer hardware, wiring, systems, areas, and buildings
2. Technical Security: determines the type of information that may be accessed by individuals via computer
3. Technical Security Mechanisms: automatically monitor computer systems and report suspicious activity
4. Administrative Procedures: outline steps taken by the facility to enforce Security Rules
These define the basic level of security that must be in place to comply with HIPAA.
Electronic Communication
In order to protect PHI, it is important for us to understand how information is stored, transmitted, and utilized.
Examples are: Faxes, Emails, Computer Reports
As STUDENTS, if you are placed in a situation that requires you to email or fax PHI, consult your instructor about the proper procedure.
Be especially mindful that any clinical information/communication is delivered to the intended person or destination!
Case Scenario
Dr. Williams asks Sue, a nurse, to bring up patient lab results on the computer at the nurse’s station. He does not see anyone in the area and he asks Sue to turn the monitor around so he can see it. There is no one near the desk when the screen is turned toward him. When Dr. Williams is finished, Sue turns the screen back around, away from public view.
Dr. Williams and Sue violated HIPAA by turning the screen and viewing the lab results….
True or False?
To see the correct answer, click NEXT.
Case Answer
FALSE
Because they took the time to examine their surroundings and make certain no unauthorized persons were near, they did NOT violate HIPAA. Turning the screen around and then returning it to a secure position is an acceptable practice.
If there were visitors or other staff present, the doctor would have to go behind the desk and view the screen.
Paper Communication
During your clinical experiences, you will encounter many documents that contain confidential information (PHI).
It is YOUR responsibility to keep these documents out of public view!
At your clinical site, NEVER leave documents where they may be accessed by unauthorized persons ~ even accidentally.
Faculty often utilize visitor lounges, conference rooms, or other common areas for post-clinical discussion. In these public areas, it is especially important that you do not have papers/medical information where it could be seen by others.
When you are finished with documents containing patient information, DISPOSE of them in designated containers ONLY!
Case Question
Julie is a nurse entering information into a patient chart at the nurse’s station where visitors often come to ask questions. Jeff, another nurse, steps out of a patient room and asks Julie for help. Julie leaves the chart open on the desk, then goes to assist Jeff in the patient’s room.
Leaving the chart open on the desk is OK since the nurse will be right back and trying to find her place would waste too much time….
True or False?
To see the correct answer, click NEXT.
Case Answer
FALSE
The best way to maintain patient confidentiality is to NEVER leave records open & unattended. Closing the chart is a good first step.
In a non-emergent situation, always return the chart to its designated location before leaving the area.
In an emergency, secure the chart using your professional judgment, then assist with the emergency.
Verbal Communication
Nursing is a collaborative team effort and is never practiced in isolation. As a result, there are many times when you will NEED to discuss patient information with colleagues.
What should you do then ???
REMEMBER:
• Only discuss information relevant to patient care
• Include only individuals involved with the particular issue
• Choose an area that is private to discuss the case
• Check the surroundings to ensure no one will overhear confidential information
Case Scenario
Jennifer, a nurse, and Tom, a physical therapist, are eating lunch together in the cafeteria. They begin discussing a patient for which they are both providing care. The cafeteria is crowded and others overhear them refer to the patient by name.
They are violating HIPAA in this situation….
True or False?
To see the correct answer, click NEXT.
Case Answer
TRUE
NEVER discuss PHI in areas where others may overhear!!
If you need to discuss patient care with a co-worker, speak softly in an area away from the public.
Case and Question
The adult daughter of an elderly patient is in the room when the doctor comes in to review the patient’s test results. The patient introduces his daughter and then asks about the test. The doctor proceeds to explain the results in front of the patient’s daughter.
The doctor violated HIPAA by talking about the test results with the daughter present in the room….
True or False?
To see the correct answer, click NEXT.
Case Answer
FALSE
Because the patient asked about the results with his daughter in the room, the doctor can assume that it is appropriate to discuss the results in front of her.
Case Question
In the Radiology waiting room, an X-Ray Technologist calls the next patient by saying, “Jane Smith, we are ready for you in the sonogram room.”
The X-Ray Tech violated HIPAA by calling out the patient’s name and test to be performed….
True or False?
To see the correct answer, click NEXT.
Case Answer
TRUE
Healthcare employees are allowed to call out patient names in a waiting room. However, no other information should be communicated within the public area.
The X-Ray Tech should not have mentioned the room to which the patient was going. Stating, “Jane Smith, we are ready for you now,” is acceptable.
Non-Retaliation Policy
Every institution is required to have a policy in place to safeguard the rights of a person who, in good faith, reports a privacy violation.
Action should not be taken against anyone:
• Exercising their rights, including filing a complaint
• Filing a complaint with the Department of Health and Human Services (DHHS)
• Testifying, assisting, or participating in an investigation, compliance review, proceeding, or hearing
• That believes an act or practice is against the law
Remember, anyone reporting a violation must believe there is a problem BUT, they may not use or disclose PHI to address their concern.
Complaints
If you feel there has been a privacy violation, inform your instructor and they will immediately assist you in contacting the Privacy Officer.
You should refer patients who have a privacy concern or complaint to the charge nurse on the unit.
Summary
All health information that specifically identifies an individual (PHI) is considered confidential!
Protecting the privacy of patient information is everyone’s responsibility.
As a Student Nurse, you are an active part of this program. Be sure to access only the information needed to perform your assigned responsibilities.
Be aware! Don’t intentionally or unintentionally disclose PHI ~ Help others do the same.
If you suspect a HIPAA violation, notify your instructor who will immediately assist you in contacting the Privacy Office.
Thank You!
Thanks to….
~ Memorial Medical Center ~
~ OSF St. Joseph Hospital ~
…for assistance with this HIPAA module!
You are now ready to take the Final QUIZ!