confidentiality hipaa. confidentiality to put it simply, everything regarding patients is...

Confidentiality

HIPAA

Confidentiality

To put it simply, everything regarding patients is confidential, especially if it is in the patient’s chart.

The rule of confidentiality is extended to everyone who has access to the chart.

The patient’s record is a legal document and is not the place for stories, complaints or jokes

Confidentiality

Willfully entering incorrect information into a patient’s record legally constitutes fraud and is a complete breach of professional ethics.

Information therein should never be discussed in public

Failure to follow these rules can lead to legal action for breach of confidence

AS YOU LEAVE WORK OR YOUR CLINIC…….

Follow this rule!

What you see here What you say here What you learn here

LET IT STAY HERE WHEN YOU LEAVE HERE

HIPAA

Health Insurance Portability and Accountability Act

What is HIPAA?

A federal law designed to protect health information

Went into effect April 14, 2003 Everyone who has access to a patients

health information is required to follow rules related to sharing of that information.

Non-compliance with the law can result in fines or criminal penalties.

Privacy Rule:Cause for Concern

• 1 in 5 American adults believes their personal medical information has

been disclosed improperly

• Half of these people believe that it resulted in personal embarrassment or harm

California HealthCare Foundation

Survey conducted by Princeton Survey Research Associates, January, 1999

1 in 7 Americans has tried to keep their medical information confidential

• Withhold information• Provide inaccurate information• Doctor-hop • Pay out-of-pocket for care • Avoid care altogether

California HealthCare Foundation Survey conducted by Princeton Survey Research Associates

January 1999

Privacy Rule:Cause for Concern

Cause for Concern A hospital in Montana posted the psychiatric records of

dozens of children on its public web site, where they remained until discovered by a newspaper reporter.

In Jacksonville, FL, a woman brought her teenage daughter to work and left her unattended at a logged in computer. The girl looked up patient phone numbers, and phoned to tell them that they’d tested positive for HIV. One patient attempted suicide.

In Miami, Florida, several hundred hospital workers browsed though the records of a famous patient who had recently come to the facility.

Civil/Criminal Penalties

$25,000 for multiple violations of same standard in a calendar year

$250,000 and/or imprisonment up to ten (10) years for use of PHI for commercial advantage, personal gain, or material harm

Permitted Disclosures

Patient

Personal Representative Examples:Legal guardianPower of attorneyFamily, Relative, Next of Kin

Permitted Uses and Disclosures of PHI

Permitted:Treatment

Payment

Health Care Operations

TreatmentProvision of health care by

providerCoordination of health care

among providersReferral of patient from one

provider to anotherCoordination of health care or

other services with 3rd parties if authorized by patient

PaymentDetermining coverage of health

benefit claimsBilling, claims management and

medical data processingReview of health care services

with respect to medical necessity, coverage, appropriateness

Utilization review activities

Health Care Operations

Quality assessment and improvement

Legal servicesEvaluating performance of health

care professionalsTraining future health care

professionalsGeneral administrative functions

Patient Authorization

Must get authorization for all other uses such as: Marketing Clinical research Mental health Substance Abuse HIV Any others

Patient Rights Confidentiality of PHI Privacy Notice Request Restrictions Confidential Communications Access to Medical Record Accounting of Disclosures Amend/Correct Medical Record File a Complaint

What is Protected Health Information (PHI)?

Individually identifiable information

Health information Demographics ANY form or medium

Oral Written Electronic

Name Photograph Social security # Finger prints Health status Admission date Diagnosis Medical record # Address Birth date Telephone # Fax # Email

Suggestions

IF you are unsure if disclosure of health information is permitted, it is best to get authorization from the patient first.

Become familiar with your employers standard operating procedure related to HIPAA

Become familiar with your employers privacy forms.

Patient Rights:

Confidentiality

Confidentiality of PHI Never share PHI

unless job related

Internet Social Networking Sites such as My Space or Facebook etc

Be careful not to mention any patient information on those sites

Do not ask a patient to join your friends list

Patient Rights:

Confidentiality

Confidentiality of PHI Access PHI on need

to know basis

Dispose of PHI confidentially

Patient Rights:

Confidentiality

Telephone- Calls to Patients Appointment

reminders Voice message Leaving information

with family Check to see patient

preference

Patient Rights:

Confidentiality

Telephone- Calls from Family/Friends

What can be shared Professional

judgment Use Privacy Rule

when uncomfortable

Patient Rights:

Confidentiality

Security Walk through with

critical eye Patient schedules Simple changes “Reasonable” Increased

awareness

Patient Rights:

Confidentiality

FaxingPre-callCover sheetCall if error

occursDisposal

Patient Rights:

Confidentiality

Email Non-secure Patient consent Subject line Security

regulations

Patient Rights:

Confidentiality

Incidental Disclosures

Calling out patient’s nameSign-in sheetReasonableLimit where possible

Patient Opportunity toObject or Agree

Disclosing PHI to family, friends, others assisting in patient’s care Patient present/conscious

Verbal agreement Opportunity to object Use professional judgment

Patient not present/unconscious Best interest of patient Relevant to person’s involvement

Disclosure of PHI Must verify identity and authority

before disclosing

If not known to you require: ID/badgeVerbal affirmationsLegal documentation

Use professional judgment

Patient Rights:

Privacy Notice

Patient has the right to receive a notice of privacy practices

Given to every patient at first encounter

One time – document Acknowledgment form – to be

filed

Patient Rights:

Privacy Notice

Notice describes:How medical information is used

and disclosed by covered entitySummary of patient rightsWho to contactHow to file a complaint and ask

questions

Patient Rights:

Request Restrictions

Informal Ask caregiver to restrict what is told to others Caregiver uses professional judgment Inform patient of their decision Applies to current episode of care

Formal Refer to Privacy Officer In writing 30 days

Patient Rights:Confidential Communications

Receive communication at alternate addressNo reason givenAdministratively reasonable

Patient Rights:

Access to PHI

Access or inspect their medical recordView with staff presentObtain copies30 days

Disclosures Permitted with no need for authorization

from patient Required by law Public health activities Health oversight agencies Victim of abuse, neglect Law enforcement purposes Organ donation To avert serious threat to health or safety Specialized government functions Workers compensation

Patient Rights:Corrections/Amendments

Informal process: Correct medical record For inaccurate information Use professional judgment

Formal process: Amend medical record In writing Determination based on

circumstances

Patient Rights:

File a Complaint

Privacy Officer Secretary of Health

and Human Services

Patient Rights:

Confidentiality Big Daddy, super sports star, was injured during

a game and comes to your practice wanting to get some emergency dental work. All your friends are begging you to find out more information about what happened to Big Daddy. Your position gives you access to patient records and it would be easy to find out everything everyone is curious to know. Big Daddy won't know or care. He might even have be pleased to know that everyone is so concerned about him. Plus, some of the information will come out in the press in a few days anyway. What do you do?

Patient Rights:

ConfidentialityA. Sneak a peek at the chart but refuse to share any

information with friends.B. Sneak a peek at the chart on your own personal

time and share only information that will become public anyway.

C. Explain to friends that a professional in any health care institution cannot look at patient records without a good reason to know the information for health care or billing purposes.

D. Explain to friends that the institution has an audit system that will track anyone who looks at the patient’s record and that you will lose your job unless you had a good reason to look at the chart.

Patient Rights:

Confidentiality You are a health care professional caring for Mr.

Linn, a patient. Dr. Herra approaches you and asks to see Mr. Linn’s chart. She is not his physician but is his next door neighbor. “I just want to know what he has so I can help,” she explains. What do you do?

A. Hand over the chart so she can help manage his care. She’s a doctor and knows what she’s doing.

B. Smile and ask, “Do you have his permission?”C. Hand over the chart and tell your supervisor what

happened.D. Ask Dr. Herra to complete an acknowledgment

releasing the medical record to her.

Patient Rights:

Confidentiality You are a health care professional caring for Mr.

Linn, a patient. Dr. Herra approaches you and asks to see Mr. Linn’s chart. She is not his physician but is his next door neighbor. “I just want to know what he has so I can help,” she explains. What do you do?

A. Hand over the chart so she can help manage his care. She’s a doctor and knows what she’s doing.

B. Smile and ask, “Do you have his permission?”

C. Hand over the chart and tell your supervisor what happened.

D. Ask Dr. Herra to complete an acknowledgment releasing the medical record to her.

Patient Rights:

Confidentiality

You attend a weekly meeting where a list of patient names, medical record numbers and diagnoses are distributed for purposes of discussion. After everyone else leaves the meeting you notice that several copies of the patient list are still on the table. What do you do?

Patient Rights:

Confidentiality

A. Toss them in the wastebasket to make sure the next group using the room doesn’t see them.

B. Alert the person who distributed the list to make sure the problem doesn’t happen again.

C. Pick up all the copies and dispose of them confidentially to make sure the information does not become public.

D. Pick up all the copies, dispose of them confidentially, and raise the issue of privacy practices at the next meeting.

Dr. Good is discussing a patient’s care with a nurse just outside the patient’s door. Another patient wandering in the halls hears what is being said. Dr. Good later discusses the case in the elevator with Dr. Timely. Everyone in the elevator hears the conversation. Has Dr. Good violated the privacy regulations?

A. No, because the privacy regulations only cover written or electronic information.

B. No, because the regulations allow health care providers to discuss anything they want, anywhere they want.

C. Yes, conversations about a patient should occur only where there is no possibility of being overheard.

D. Maybe. It depends on whether Dr. Good could reasonably have found more private times and places to discuss the case.

Helpful Websites

http://www.hhs.gov/ocr/newfaqOCR frequently asked questions

http://privacy.med.miami.edu/index http://policies.uihc.uiowa.edu http://www.wedi.org/snip

QUESTIONS?

confidentiality hipaa. confidentiality to put it simply, everything regarding patients is...

Documents