PATIENT CONFIDENTIALITY & HIPAA

Training Objectives Understand the purpose of HIPAA and the Privacy Rule Understand what we must do to comply Understand the term “Protected Health Information” Understand the rules for use and disclosure of protected health information Understand the Notice of Privacy Practices and patient’s rights Understand the patient’s rights with respect to the patient’s medical record Understand that the Hospital may share protected health information under

some circumstances while still complying with HIPAA

What is HIPAA? Health Insurance Portability and Accountability Act • HIPAA was enacted to improve the efficiency and effectiveness of the health care

system

• HIPAA establishes standards for electronically transmitted health information

• HIPAA establishes standards to protect the privacy of medical records and other protected health information

• HIPAA insures the security of health care information

• HIPAA gives patients greater access to their medical records and greater control over how the records are used

• Covered entities under HIPAA include Health Care providers, Health Insurance plans and health care clearing houses

Protected Health Information (PHI)

Individually identifiable health information Relates to the individual’s past, present or future physical or mental

health condition; to the provision of health care to the individual; or to the past, present or future payment for the provision of health care to the individual

Transmitted or maintained in any electronic, written or spoken format

For example, e-mail, fax, on-line databases, voice mail, video/audio recordings or conversations

HIPAA calls protected health information “PHI”

Protected Health Information (PHI) Use and Disclosure

The Privacy Rule prohibits use or disclosure of protected health information unless: It is used to provide treatment, payment or health care operations; or

Its use is authorized by the client; or

Not sharing the information would present a risk to public health or safety (i.e.

disease reporting as required by statute, bioterrorism activities); or

As required by law

Common PHI Identifiers Names

Addresses

Dates directly related to an

individual such as birth date,

admission date, discharge date

and date of death

Telephone numbers

Fax numbers

Electronic mail addresses

Social Security numbers

Medical record numbers

Health plan beneficiary

numbers

Account numbers

Certificate/license numbers

Vehicle identifiers and serial numbers, including license plate numbers

Device identifiers and serial numbers

Biometric identifiers, including fingerprints and voice prints

Full face photographic images

Web URL (Universal Resource Locators & IP (Internet Protocol) Addresses

Any other unique identifying number, characteristic or code

HIPAA-Patient Confidentiality & the Healthcare Worker

We must:

Keep patient information confidential

Share information on a “need to know” basis with others involved in the patients care

Generally this is the patient, the patient’s physicians, the primary caregivers, the patient’s insurance plan representatives

Unnecessary disclosure may cause embarrassment or humiliation, for the patient, as well as violate the law

Discussions about patient information should be held in a private setting

Examples of Good Practice

Speak quietly when discussing a patient’s condition with family members or others

Avoid using patient names in elevators and hallways

Secure documents in locked offices and cabinets

Use passwords and other security measures on computers

Minimum Necessary Standard

Minimum necessary means that the Hospital will limit the sharing of protected health information to the minimum necessary to do the job

Limit who has access to protected health information

Specify the conditions under which this information can be accessed

Employee Access to Health Information

The following employees generally access patient records: Direct Caregivers

Physicians

Hospital Educators

Medical records employees

Infection Control staff

Dietitians

Case Managers/Discharge planners

Risk Manager

PI/QA staff

Social Services

Pictures, Tape Recordings, Videotapes & News Media

Pictures, tape recordings or videotapes of patients cannot be taken without expressed written permission from the patient, guardian, or health care proxy

Consent is not needed when material will be used for the patients own use

Only specific hospital personnel can release patient information to the news media or press concerning a patient’s presence in the hospital and general condition, but only with the patients permission

No statement may be made if a patient was sexually assaulted

No statement may be made regarding patient intoxication or drug use

Patient Confidentiality Rights under HIPAA

The right to have PHI kept confidential

The right to receive Notice of Privacy Practices from the Hospital

The right to request restrictions on certain use and disclosure of PHI

The right to access, inspect and copy health information

The right to amend or correct PHI

The right to receive an accounting of disclosures of PHI

The right to be notified following a breach of unsecured PHI

Notice of Privacy Practices (NPP)

An individual receiving services from the Hospital is entitled to adequate notice of the uses and disclosures of PHI that may be made by the Hospital, the individual’s rights and the Hospital’s legal obligations

The NPP must contain specific language and descriptions of allowable uses and disclosures regarding an individual’s medical information and how they may access their information

The patient may request restriction on certain use of his/her health care information

The patient my request an accounting of disclosures of his/her PHI including the date of disclosure, the recipient, what was disclosed and the reason for disclosure

Quiz

Click the Quiz button to edit this quiz

Go to Transcript