Transcript What Nurses Need to Know about HIPPA
What Nurses Need to Know about HIPAA Marian Stewart Associate Professor Nursing Motlow College ©
Health Insurance Portability and Accountability Act (HIPAA)
• In mid 1990s Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996 . As a step toward portability, HIPAA called for rules that would: • Provide administrative simplification, basically by standardizing the interchange of medical data • Protect patient confidentiality • Protect the security of patient data The law also provided for significant fines for violating standards (for wrongful disclosure of medical data)
Purpose of Module : HIPAA • The purpose of this module is to provide the student nurse and faculty with an understanding of what they need to know about HIPAA regulations and how they affect the day-to-day decisions concerning medical data
Objectives of Module • After reviewing this module, you should be able to :
• Describe the intent of the HIPAA regulation • Describe how HIPAA affects confidentiality • Describe how HIPAA affects information transfer
Introduction
• Computers are being used more commonly in healthcare, and proved tremendous benefit – Speed up procedures – Ease of communication – Access to patient data – Access to lab findings • However, there has also been a growing fear that this increasing use of computers for storing and transmitting patient information may undermine patient confidentiality
HIPAA
• HIPAA addresses these problems along
three major avenues
: • Administrative simplification • Patient Confidentiality • Data Security
Administrative Simplification
• This will involve the personnel in information systems, medical records and administration.
• However, nurses may be required to use new data gathering tools, new forms or programs due to the HIPAA process • A move to standardize the coding of electronic transfer of data to insurance agencies and other payers will be implemented with the HIPAA
Confidentiality • This section will affect nursing greatly
–
“General rule is that patient authorization is required for any use or disclosure of protected information that is not directly related to treatment, payment or health operations” This is to prevent unauthorized disclosures to anyone outside the agency or within the agency
Confidentiality
Rules cover all forms of communication : FAX Computer Screens Whiteboard for nursing assignment MAR (Medication Administration Record) Communication Boards in Patient’s Room Kardex Dietary Trays Lab slips or specimens Patient Charts Patient Rooms J.T. Ellis N213 Patients must not be identified by any available data
Confidentiality in Special Settings
•
Home Health
– Must not forget that the nurse is not a friend of the patient, but a professional even though the setting is more relaxed. Be careful NOT to reveal confidential information to neighbors, family or friends •
Long Term Care
– In long term care residents have gotten to know one another, there may be questions about another resident. AVOID discussing a resident’s condition with another resident.
Confidentiality in Special Settings
Psychiatric /Chemical Dependency Units –
The law requires much more stringent protection of privacy in these settings. It is a violation of federal law to reveal or even confirm the identity of a patient in any psychiatric setting or chemical rehab.
•
Other special Circumstances
– – – –
HIV Pregnancy Sexual Abuse Rape These patients are may be at risk for breach of confidentiality. Normally parents of minors are automatically given information regarding their child’s condition, but law varies from State to State. Know your state’s law.
Reporting Laws and Confidentiality
• There are
some exceptions
to a caregiver’s obligation to keep information confidential –
Threats
Patients in psychiatric setting sometimes make threats to harm others. DO NOT try to decide if a threat is serious. REPORT any threats to instructor and staff.
–
Suspected Abuse
When you encounter any patient who appears to have been physically abused, you have a duty to report your suspicions. As a student, you will report to your instructor who will report to staff. As a nurse, you will be contacting your supervisor, social services and the police.
Other exceptions to confidentiality
Criminal Wounds Gunshots Poisonings Communicable Diseases and Emergency Circumstances Deaths of an Uncertain Nature Report to your supervisor and follow agency/state guidelines
How does this affect you?
• As we visit clinical sites – we will be oriented to the agency’s guidelines for HIPAA implementation •
Patient names will NOT
be posted on Assignment Sheets • Patient information should NEVER be left visible to public Be careful as you are preparing the night before clinical to close charts, MAR, Kardex, etc.
DO NOT LEAVE YOUR PAPERS VISIBLE TO OTHERS • • Computer screens should face away from public view while charting • Never leave patient’s computer screen up if you must leave to care for patient
Never leave information on computer screens for unauthorized persons to gain access – log off
• Do NOT share computer codes
How does this affect you?
• • • If you receive a fax, it must be placed in a secured area,
face down
DO NOT XEROX portions of the patient’s chart, MAR, Lab/diagnostic findings DO NOT DOWNLOAD patient information from the computer
– Your instructor will advise you to any exceptions to these rules in your agency
Who Must Comply?
•
HIPAA law defines
those who must comply as: All persons involved with access to patient information and medical records . ( This includes Motlow’s clinical students/instructors) • Protected health information includes, but is NOT limited to: • Social Security Number • Name • Address and phone number/ Fax number • Date of birth • Diagnosis • Email address • Medical record number • Any account numbers or patient information identifying the patient
Data Security
• The third major portion of HIPAA is directly related to confidentiality. This is the maintaining the security of patient data, particularly when it is transmitted outside the institution. • Each agency will have a policy and procedure for the handling of transmission, security of computer systems and codes
Penalty
• Under HIPAA,
civil and even criminal penalties
can be imposed on organizations and individuals for wrongful disclosure or other forms of noncompliance.
Wrongful disclosure is defined as either knowingly or unknowingly sharing or disclosing information without patient/resident permission.
•
A facility that does not follow these rules may
: –
Be responsible for civil penalties and fines that can quickly add up to thousands of dollars.
–
Be accused of criminal violations that can result in even higher fines and incarceration
–
Be excluded from participation in the Medicare Reimbursement Program
Penalties portion of HIPAA
• •
Civil money penalties
are $100.00 per violation, up to $25,000 per year for each requirement or prohibition violated
Criminal penalties
are up to $50,000 and one year in prison for certain offenses.
– Up to $100,000 fines and up to 5 years in prison if the offenses are committed under false pretenses – Up to $250,00 in fines and up to 10 years in prison if the information obtain is found to be used for commercial advantage, personal gain or malicious harm
What’s wrong in this picture?
• What potential risks to confidetiality can you see or identify?
• What potential risks to confidentiality do you see?
Conclusion
• According to HIPAA legislation, when information must be communicated,
you must make sure
it is for treatment or billing or other uses within the law and within the policies/procedures of your institution This has been an introduction to HIPAA. Your clinical agency will discuss specific policies/ procedures for their institution during orientation.
Listen and Ask Questions
you do not understand how they want you to communicate!
if
Post Assessment: HIPAA Module Answer questions on HIPAA attachment in D2L (drop box) and submit to Course Coordinator via D2L drop box by specified date.
1. Who must comply with 3. HIPAA law applies to the following ways of communication in which information can be transmitted: HIPAA regulations?
a. By phone a. Nurses b. By fax b. Doctors c. By speaking or writing c. Pharmacies d. All the above d. All of the above 2 . Which is NOT considered protected health information?
a. Name b. Social Security Number c. Medical Record Number d. General statement of condition (fair, stable, etc.) 4. Which of the following are a violation of the HIPAA law?
a. Unlocked file cabinets b. Visible computer screens c. Patient information tacked on bulletin boards d. All of the above 5. Under HIPAA law, which of the following requires a consent from the patient before releasing information?
a. Emergency services c. Law enforcement b. Reporting of abuse or neglect d. Information to life insurance company for eligibility coverage
References
• • • • • • • • • Cichon, T. (2002)
Can you pass the HHN’s HIPAA Quiz?
Nurse. 20(6), 400 – 401.
Home Health
How HIPAA will change your practice
.(2002) Nursing. 32(9), 54-57.
Maio, J. (2003)
HIPAA and the Special status of psychotherapy notes
. Lippincott’s Case Management. 8(1), 24-29
The New HIPAA Law on Privacy and Confidentiality
. (2002) Nursing Administration Quarterly. 26(4). 40-54.
Oram, M. (2003) CEU:
HIPAA Regulations Update Course
# 106
What you need to know about HIPAA
. CEU Course: RN.com
Wilber, K. (2003)
HIPAA Security Requirements: Prepare to Comply
.
Healthcare.
www.medscape.com/view article/448840 Williams, T. (2002)
HIPAA… one size does not necessary fit all
. Home Healthcare Nurse. 20(4). 221-224 Ziel, S. (2002)
Legal checkpoints: Get on board with HIPAA privacy regulations
. Nursing Management. 23(10), 28-29