CH 10

Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment for services from insurers, it is necessary to reveal a patient’s name and diagnosis as well as other sensitive Information. C. Information regarding the diagnosis of AIDS needs to be communicated carefully to protect the rights of the patient.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 A. The privacy rule—This rule applies to protected health information (PHI), which includes any identifiable information such as name, age, gender, and diagnosis. B. Denial of the request for privacy—Specific institutions, such as nursing homes, have the right to deny access to information in certain situations to protect their residents. C. Who is affected? 1. Covered entities such as physicians, hospitals, skilled nursing facilities, outpatient rehabilitation facilities, home health agencies, hospice programs, private insurers, ambulance companies, and laboratories. 2. Any entity that submits a bill or receives payment for healthcare or treatment.

D. Unique identifiers for healthcare providers 1. Employer Identifier Standard uses an employer’s tax ID numb 2. Employer Identification Number (EIN), a standard code number, is also used. E. Can public health information (PHI) be de- identified? Yes. F. What are the obligations to the patient under HIPAA? 1. Obligation to obtain consent. 2. Obligation to allow patient to have access to medical information. 3. Obligation to provide only the minimum necessary standard information

E. Can public health information (PHI) be de-identified? Yes. F. What are the obligations to the patient under HIPAA? 1. Obligation to obtain consent. 2. Obligation to allow patient to have access to medical information. 3. Obligation to provide only the minimum necessary standard information

G. What are the penalties for noncompliance with HIPAA? 1. Range from civil penalties of up to $100 per person per incident for minor improper disclosures of health information up to $25,000 for multiple violations in a calendar year. 2. Federal criminal liability carries sanctions (fines) of $50,000 and one year in prison. H. What are the patients’ rights under the privacy standards? Include right to: 1. A copy of the privacy notice from healthcare provider. 2. Access their medical records. 3. Restrict access to others. 4. Ask provider to limit the way healthcare information is shared. 5. Ask for an accounting of who the healthcare information is given to. 6. Ask to be contacted in a certain way (phone or mail). 7. Examine and copy the health information the provider has recorded. 8. Complain to the covered entity and the Department of Health and Human Services if patient believes there is a violation of his or her privacy.

I. Special rules relating to research—Researchers must obtain patient authorization that complies with HIPAA rules or request a waiver of authorization from a privacy board or Institutional Review Board from their hospital or university. J. Problems relating to implementation of HIPAA’s privacy rules—The HIPAA regulations have made some healthcare providers reluctant to release information due to fear of civil or criminal action. K. Misconceptions about HIPAA—The privacy law: 1. Does not prevent physicians or hospitals from sharing patient information with other physicians or hospitals. 2. Does not prevent hospitals from disclosing names of patients to clergy or from keeping patient directories. 3. Allows hospitals or physicians to share information with the patient’s spouse, family members, friends, or anyone the patient has identified as involved in their care. 4. Does not apply to most police and fire departments. L. Recommendations

Ethical Concerns with Information Technology (Informatics)