2 The History of HIPAA
As health care providers, we have always been called upon to maintain the privacy and confidentiality of patient health information. This is an ethical and legal obligation that we hold as nurses and as nursing students.
Until recently, patient medical records were recorded and maintained primarily on paper. Records were then filed and stored in physician offices, hospitals, and other health care areas. These records were kept safe in locked cabinets or closets.
3 The History of HIPAA
With increasing technology, we are able to maintain electronic files that allow more flexibility in communicating information. It is now easier to quickly share records between offices, clinics, and hospitals, which results in minimized storage requirements. In addition, we are better able to track and analyze data that helps improve quality of care while controlling costs.
4 Information Accessibility
According to the American Health Information Management Association (AHIMA), an average of 150 people have access to patient medical records during a typical hospitalization. This may include: nursing staff, housekeeping, x-ray technicians, physicians, food service staff, billing clerks, etc.
Because so many people have access to patient information, it is our responsibility to ensure that medical files are accessed only by those needing that information to provide care.
5 The History of HIPAA
The U.S. Federal government passed a law in 1996 that created national standards to protect patient medical records and other personal health information. This Federal legislation is called the Health Insurance Portability and Accountability Act (HIPAA).
6 The History of HIPAA
HIPAA went into effect on April 14, 2003. It sets forth minimum standards that all facilities must follow to protect patient information. The key term associated with these privacy rules is Protected Health Information or PHI.
PHI covers all of the following:
- Information used within a facility
- Verbal or written information
- Information stored in computer files
- Patient information stored in paper files
- Data shared between providers, payers or third parties
7 Failure to Comply
Every health care organization is expected to develop policies and procedures to guide HIPAA practices within their facility. Every person who provides care or assistance to patients in that facility is expected to understand and comply with HIPAA regulations. It is essential that all patient health information be kept confidential.
Organizations or individuals that violate HIPAA rules are subject to monetary fines (up to $250,000!) and civil or criminal charges (up to 10 years in jail!).
Failure to comply may also:
- hurt the reputation of the facility
- put accreditation at risk
- result in costly lawsuits
8 HIPAA Goal
The goal of the HIPAA privacy program is to protect confidential information from improper use or disclosure.
What does this mean to you?
9 Administrative Requirements
Every agency must:
- Appoint a Privacy Officer.
- Develop policies and procedures that guide HIPAA implementation, evaluation and revision. These must include actions taken for those who do not follow the directives.
- Provide education on HIPAA and organizational policies/procedures.
- Develop a process for handling privacy related complaints.
- Ensure no retaliation occurs against someone who reports potential violations in good faith.
- Take appropriate action to minimize any harm that may result from breach of privacy.
- Ensure processes are in place to demonstrate compliance with documentation and record keeping.
10 YOUR Responsibility
You must protect confidential information about patients and use information only to perform your role as a student nurse in that agency. It is your responsibility to be sure patient information is only disclosed to others who have a legal right to it.
What information needs to be kept private?
All information that identifies an individual is considered confidential.
This includes (but is not limited to): name, address, date of birth, phone/fax number, SS number, medical record or hospital number, room number, photographs, etc.
It also includes: nursing and physician notes, treatment plans, and billing/insurance records.
11 HIPAA Patient Rights
HIPAA guarantees these rights to patients:
- Right to privacy
- Right to confidential use of protected health information (PHI) for treatment, billing, and other health care operations (such as quality improvement)
- Right to access and amend their health information upon request
- Right to provide specific authorization for use of their health information other than for treatment, billing and other operations
- Right to have their name withheld from patient directories (having their name not listed as being present in a facility other than for treatment, billing, and other operations)
- Right to request that information concerning their care is not released to specific individuals
- Right to request that specific individuals are not told of their presence in a facility
12 HIPAA Patient Rights
Every patient should receive a document called a Notice and be asked to sign an Authorization.
This Notice gives patients:
- Information about their rights.
- A description of how their PHI may be used by the facility.
- A comprehensive list of others to whom their health information may be disclosed.
The Notice must be given to the patient on the first treatment date or as soon as is practical in an emergent situation.
13 HIPAA Patient Rights
An Authorization is a form signed by the patient for use and disclosure of specific PHI that is not related to treatment, payment, or health care operations.
There are some uses and disclosures where an authorization is not required.
When in doubt about information for which a signed authorization is required….
~ Please ASK your instructor ~
14 HIPAA Patient Rights
What do YOU need to know?
Patients have the right to register complaints with Federal agencies and with the facility if they feel their rights have been violated.
Every facility has a Privacy Officer who is responsible for overseeing HIPAA implementation.
If you are uncertain about what information may be given out, talk to your instructor, a nurse on the unit where you are assigned, or contact the Privacy Officer.
15 Review Question
The goal of HIPAA is to catch staff sharing patient protected health information (PHI) with those who do not need the information....
True or False?
To see the correct answer, click NEXT.
16 Answer
FALSE
The goal of HIPAA is to protect confidential patient information from improper use or disclosure.
If you see an apparent violation, you should report it to your instructor who will immediately assist you in contacting the Privacy Officer.
17 Unauthorized Disclosures
One of the biggest threats to patient privacy is UNINTENTIONAL disclosure of information.
Examples include:
- Discussing patient information where other patients, visitors or staff may overhear ~ such as in elevators, hallways, dining facilities, or other common areas.
- Leaving sensitive information in a location where patients or visitors could possibly see it.
18 Unauthorized Disclosures
Another threat to patient privacy is when a staff member intentionally uses or discloses information in an unauthorized way:
- Copying information and taking it home
- Removing medical records and giving them to those with no legal right of possession
- Deliberately sharing information with unauthorized persons (family members, friends, colleagues, news reporters, etc.)
- Using confidential information to gossip about patients
- Leaving a computer unattended after logging in to an application
- Sharing passwords with others or leaving passwords around a computer
19 Unauthorized Disclosures
Always be cognizant of:
- Where you are
- Who is around you
- What information can be seen or heard
- How you can “minimize possible incidental disclosure to others”
You must ensure that PHI is only shared:
- With those who need to know
- At the minimum level necessary
- In order to provide safe, effective, and efficient care
As a Student Nurse:
- Don’t browse through patient charts or files out of curiosity
- Access only portions of the medical record that you need to perform your role as a student nurse
It is essential that everyone with access to PHI be aware of what is going on in their surroundings.
20 Review Question
One of the privileges of working in healthcare is that we have access to our friends’ and families’ PHI so we know when they have an illness….
True or False?
To see the correct answer, click on NEXT.
21 Answer
FALSE
We do not have a right to access health information for anyone, including family members, unless it is essential for patient care.
If you inadvertently view/hear patient information that is not necessary for you to provide care, you cannot share that information with anyone else.
22 Verify Identity
Before you can legally release PHI (in person, by phone, or in writing):
- You must confirm the identity of the person requesting
- Determine if the requesting person is entitled to the information
- Verify what specific information this person is permitted to have
How can you verify identity?
- A photo ID
- Password chosen by patient to ensure confidentiality
- Information known by those close to patient & who are permitted to access PHI (i.e., middle name, DOB, mother’s maiden name, name of HS/College, etc.)
23 Security Rules
Privacy Rules (which we have been discussing up to this point) identify what information is protected and define how and when PHI may be used or disclosed.
Security Rules (used in addition to Privacy Rules) apply to PHI that is sent electronically. These rules govern PHI that is being transmitted, used, or stored in electronic format.
KEY COMPONENTS
- Physical Security: protects computer hardware, wiring, systems, areas, and buildings
- Technical Security: determines the type of information that may be accessed by individuals via computer
- Technical Security Mechanisms: automatically monitor computer systems and report suspicious activity
- Administrative Procedures: outline steps taken by the facility to enforce Security Rules
These define the basic level of security that must be in place to comply with HIPAA.
24 Electronic Communication
In order to protect PHI, it is important for us to understand how information is stored, transmitted, and utilized.
Examples are: Faxes, E-mails, Computer Reports
As STUDENTS, if you are placed in a situation that requires you to e-mail or fax PHI, consult your instructor about the proper procedure.
Be especially mindful that any clinical information/communication is delivered to the intended person or destination!
25 Case Scenario
Dr. Williams asks Sue, a nurse, to bring up patient lab results on the computer at the nurse’s station. He does not see anyone in the area and he asks Sue to turn the monitor around so he can see it. There is no one near the desk when the screen is turned toward him. When Dr. Williams is finished, Sue turns the screen back around, away from public view.
Dr. Williams and Sue violated HIPAA by turning the screen and viewing the lab results….
True or False?
To see the correct answer, click NEXT.
26 Case Answer
FALSE
Because they took the time to examine their surroundings and make certain no unauthorized persons were near, they did NOT violate HIPAA. Turning the screen around and then returning it to a secure position is an acceptable practice.
If there were visitors or other staff present, the doctor would have to go behind the desk and view the screen.
27 Paper Communication
During your clinical experiences, you will encounter many documents that contain confidential information (PHI).
It is YOUR responsibility to keep these documents out of public view!
At your clinical site, NEVER leave documents where they may be accessed by unauthorized persons ~ even accidentally.
Faculty often utilize visitor lounges, conference rooms, or other common areas for post-clinical discussion. In these public areas, it is especially important that you do not have papers/medical information where it could be seen by others.
When you are finished with documents containing patient information, DISPOSE of them in designated containers ONLY!
28 Case Question
Julie is a nurse entering information into a patient chart at the nurse’s station where visitors often come to ask questions. Jeff, another nurse, steps out of a patient room and asks Julie for help. Julie leaves the chart open on the desk, then goes to assist Jeff in the patient’s room.
Leaving the chart open on the desk is OK since the nurse will be right back and trying to find her place would waste too much time….
True or False?
To see the correct answer, click NEXT.
29 Case Answer
FALSE
The best way to maintain patient confidentiality is to NEVER leave records open & unattended. Closing the chart is a good first step.
In a non-emergent situation, always return the chart to its designated location before leaving the area.
In an emergency, secure the chart using your professional judgment, then assist with the emergency.
30 Verbal Communication
Nursing is a collaborative team effort and is never practiced in isolation. As a result, there are many times when you will NEED to discuss patient information with colleagues.
What should you do then ???
REMEMBER:
- Only discuss information relevant to patient care
- Include only individuals involved with the particular issue
- Choose an area that is private to discuss the case
- Check the surroundings to ensure no one will overhear confidential information
31 Case Scenario
Jennifer, a nurse, and Tom, a physical therapist, are eating lunch together in the cafeteria. They begin discussing a patient for which they are both providing care. The cafeteria is crowded and others overhear them refer to the patient by name.
They are violating HIPAA in this situation….
True or False?
To see the correct answer, click NEXT.
32 Case Answer
TRUE
NEVER discuss PHI in areas where others may overhear!!
If you need to discuss patient care with a co-worker, speak softly in an area away from the public.
33 Case and Question
The adult daughter of an elderly patient is in the room when the doctor comes in to review the patient’s test results. The patient introduces his daughter and then asks about the test. The doctor proceeds to explain the results in front of the patient’s daughter.
The doctor violated HIPAA by talking about the test results with the daughter present in the room….
True or False?
To see the correct answer, click NEXT.
34 Case Answer
FALSE
Because the patient asked about the results with his daughter in the room, the doctor can assume that it is appropriate to discuss the results in front of her.
35 Case Question
In the Radiology waiting room, an X-Ray Technologist calls the next patient by saying, “Jane Smith, we are ready for you in the sonogram room.”
The X-Ray Tech violated HIPAA by calling out the patient’s name and test to be performed….
True or False?
To see the correct answer, click NEXT.
36 Case Answer
TRUE
Healthcare employees are allowed to call out patient names in a waiting room. However, no other information should be communicated within the public area.
The X-Ray Tech should not have mentioned the room to which the patient was going. Stating, “Jane Smith, we are ready for you now,” is acceptable.
37 Non-Retaliation Policy
Every institution is required to have a policy in place to safeguard the rights of a person who, in good faith, reports a privacy violation.
Action should not be taken against anyone:
- Exercising their rights, including filing a complaint
- Filing a complaint with the Department of Health and Human Services (DHHS)
- Testifying, assisting, or participating in an investigation, compliance review, proceeding, or hearing
- That believes an act or practice is against the law
Remember, anyone reporting a violation must believe there is a problem BUT, they may not use or disclose PHI to address their concern.
38 Complaints
If you feel there has been a privacy violation, inform your instructor and they will immediately assist you in contacting the Privacy Officer.
You should refer patients who have a privacy concern or complaint to the charge nurse on the unit.
39 Summary
All health information that specifically identifies an individual (PHI) is considered confidential!
Protecting the privacy of patient information is everyone’s responsibility.
As a Student Nurse, you are an active part of this program. Be sure to access only the information needed to perform your assigned responsibilities.
Be aware! Don’t intentionally or unintentionally disclose PHI ~ Help others do the same.
If you suspect a HIPAA violation, notify your instructor who will immediately assist you in contacting the Privacy Office.
40 Thank You!
Thanks to….
~ Memorial Medical Center ~
~ OSF St. Joseph Hospital ~
…for assistance with this HIPAA module!
You are now ready to take the Final QUIZ!