What Nurse Assistants Need to Know about HIPAA
YAYA Medical Training Institute

Health Insurance Portability and Accountability Act (HIPAA)
• In the mid-1990s Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996. As a step toward portability, HIPAA called for rules that would:
• Provide administrative simplification, basically by standardizing the interchange of medical data
• Protect patient confidentiality
• Protect the security of patient data
The law also provided for significant fines for violating standards (for wrongful disclosure of medical data)

Purpose of Module: HIPAA
• The purpose of this module is to provide Nurse Assistants with an understanding of what they need to know about HIPAA regulations and how they affect day-to-day decisions concerning patient care

Objectives of Module
• After reviewing this module, you should be able to:
• Describe the intent of the HIPAA regulation
• Describe how HIPAA affects confidentiality
• Describe how HIPAA affects information transfer

Introduction
• Computers are being used more commonly in healthcare, and provide tremendous benefit:
– Speed up procedures
– Ease of communication
– Access to patient data
– Access to lab findings
• However, there has also been a growing fear that this increasing use of computers for storing and transmitting patient information may undermine patient confidentiality

HIPAA
• HIPAA addresses these problems along three major avenues:
• Administrative Simplification
• Patient Confidentiality
• Data Security

Administrative Simplification
• This will involve the personnel in information systems, medical records and administration.
• However, nurse assistants may be required to use new data gathering tools, new forms or programs due to the HIPAA process
• A move to standardize the coding of electronic transfer of data to insurance agencies and other payers will be implemented with HIPAA

Confidentiality
• This section will affect nursing greatly
– “General rule is that patient authorization is required for any use or disclosure of protected information that is not directly related to treatment, payment or health operations”
This is to prevent unauthorized disclosures to anyone outside the agency or within the agency

Confidentiality in Special Settings
• Home Health
– Must not forget that the nurse assistant is not a friend of the patient, but is a caregiver, even though the setting is more relaxed. Be careful NOT to reveal confidential information to neighbors, family or friends
• Long Term Care
– In long term care, residents have gotten to know one another, and there may be questions about another resident. AVOID discussing a resident’s condition with another resident.
• Psychiatric/Chemical Dependency Units
– The law requires much more stringent protection of privacy in these settings. It is a violation of federal law to reveal or even confirm the identity of a patient in any psychiatric setting or chemical rehab.
• Other Special Circumstances
– HIV
– Pregnancy
– Sexual Abuse
– Rape
These patients may be at risk for breach of confidentiality. Normally parents of minors are automatically given information regarding their child’s condition, but the law varies from State to State. Know your state’s law.

Reporting Laws and Confidentiality
• There are some exceptions to a caregiver’s obligation to keep information confidential
– Threats: Patients in psychiatric settings sometimes make threats to harm others. DO NOT try to decide if a threat is serious. REPORT any threats to your supervisor immediately.
– Suspected Abuse: When you encounter any patient who appears to have been physically abused, you have a duty to report your suspicions. Report any suspected abuse to the nurse or call the domestic abuse hotline.

Other Exceptions to Confidentiality
• Criminal Wounds
• Gunshots
• Poisonings
• Communicable Diseases and Emergency Circumstances
• Deaths of an Uncertain Nature
Report to your supervisor and follow agency/state guidelines

How does this affect you?
• If you receive a fax, it must be placed in a secured area, face down
• DO NOT XEROX portions of the patient’s chart, MAR, Lab/diagnostic findings
• DO NOT DOWNLOAD patient information from the computer
• DO NOT TAKE any patient information home

Who Must Comply?
• HIPAA law defines those who must comply as: All persons involved with access to patient information and medical records. (This includes Nurse Assistants and Home Health Aides)
• Protected health information includes, but is NOT limited to:
• Social Security Number
• Name
• Address and phone number/Fax number
• Date of birth
• Diagnosis
• Email address
• Medical record number
• Any account numbers or patient information identifying the patient

Data Security
• The third major portion of HIPAA is directly related to confidentiality. This is maintaining the security of patient data, particularly when it is transmitted outside the institution.
• Each agency will have a policy and procedure for the handling of transmission, security of computer systems and codes

Penalty
• Under HIPAA, civil and even criminal penalties can be imposed on organizations and individuals for wrongful disclosure or other forms of noncompliance. Wrongful disclosure is defined as either knowingly or unknowingly sharing or disclosing information without patient/resident permission.
• A facility that does not follow these rules may:
– Be responsible for civil penalties and fines that can quickly add up to thousands of dollars.
– Be accused of criminal violations that can result in even higher fines and incarceration
– Be excluded from participation in the Medicare Reimbursement Program

Penalties portion of HIPAA
• Civil money penalties are $100.00 per violation, up to $25,000 per year for each requirement or prohibition violated
• Criminal penalties are up to $50,000 and one year in prison for certain offenses.
– Up to $100,000 in fines and up to 5 years in prison if the offenses are committed under false pretenses
– Up to $250,000 in fines and up to 10 years in prison if the information obtained is found to be used for commercial advantage, personal gain or malicious harm

Conclusion
• According to HIPAA legislation, when information must be communicated, you must make sure it is for treatment or billing or other uses within the law and within the policies/procedures of your facility
So before you answer the phone when someone asks you if a certain celebrity is a patient in your hospital…think again! You will be violating HIPAA if you do not have the patient’s permission to share that information.