HDH Patient Privacy and Confidentiality

EMS Clinical Rotation Policy and Guidelines
PATIENT PRIVACY AND CONFIDENTIALITY
Objectives
At the completion of this study packet, the participant will:
• Have a basic understanding of HIPAA Privacy Standards
• Be able to provide examples of patient privacy protection
• Be able to define Protected Health Information (PHI)
• Have a basic understanding of the role of the Facility Privacy Official (FPO)
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 deals with patient privacy,
security, and other requirements, and includes punishment for anyone caught violating this law.
This federal law has both civil and criminal penalties. Criminal penalties can be up to $250,000
and/or up to 10 years in prison.
Privacy and Confidentiality
All patients within our hospitals have a Right to Privacy. With the new HIPAA regulations
regarding patient privacy, confidentiality is being taken a step further. Regardless of your role in
the healthcare setting, you must receive training about the obligations we have regarding
privacy of health information. It is important to understand confidentiality and privacy.
Privacy and confidentiality mean that patients have the right to expect that their protected
health information remains private and limited to those with the need to know. The information
should remain private whether spoken aloud, written or saved on a computer.
Protected Health Information (PHI)
PHI includes, but is not limited to:
• Name
• Address
• Age
• Why the patient is being treated
• Medications
• Notes written about the patient
• Past health conditions
• Account number
• Unit/medical record number
• Social security number
• Photographs
• Birth date
All duplicate papers/forms that display patient information must be shredded. All original
papers/forms must be returned to the HIM department.
Protecting Patient Privacy
Much of this is common sense! Knock on doors, pull the curtains when talking to a patient, and
don't talk about patients in public areas (elevators, cafeteria). If visitors ask about a patient,
direct them to the patient information desk. The patient information desk will have access to
information contained in the hospital directory. This information includes the patient name,
location, and condition in general terms. This information is available to anyone who asks for
the patient by name, unless the patient chooses to restrict that information.
Even the trash! Patient information should be disposed of in proper containers, not in the regular
trashcan. If you suspect a violation, notify your supervisor and/or the Facility Privacy Officer
(FPO).
Facility Privacy Official (FPO)
Each facility is required to have an FPO. This person is responsible not only for making sure
that the rules and regulations are followed but also for facility-wide training and
development, and enforcement of policies and procedures.
Patient Complaints/Concerns/Grievances
The patient has the right to voice complaints concerning quality of care, customer service,
timeliness of service or privacy without compromising care. Concerns should always be taken
seriously and addressed as soon as possible. Privacy questions and concerns should be
directed to your supervisor or the FPO. Information obtained from concerns, complaints or
grievances is a vital part of the facility's efforts to improve patient care and enhance customer
satisfaction. It is the policy of this Hospital to promote quality care and patient satisfaction by
analyzing concerns, complaints, or grievances from patients, family members or other
responsible parties involved with patient care.
Breaches in Confidentiality
Breaches in confidentiality may occur in many situations. Help protect confidential medical
information by paying close attention to what you say or read, why you say or read the
information, and where you say or read the information. The most common ways patient
confidentiality is violated are:
1. Discussion of patient information in public places, or with inappropriate or unauthorized
individuals.
2. Print or electronic patient information that is left exposed where visitors or unauthorized
individuals can view it.
3. Records that are accessed by staff without a need to know in order to perform their job duties.
4. Unauthorized persons hearing patient-sensitive information.
Need to Know
A very important question you need to ask yourself is "Do I need to know this type of information
in order to do my job?" If the answer is NO, stop what you are doing! Access only what you
need to know.
Patient Privacy Protection:
All information is confidential in any format: paper, oral and electronic communication. Each
staff member is responsible for maintaining compliance with appropriate access and Privacy
Policy Procedures.
Appropriate Access:
Access will be granted for an individual to provide and/or support quality patient care processes,
as defined by an individual's professional responsibilities to the patient and the facility.
Employees will collect, dispose, process, view, maintain and store patients' clinical and financial
information in an honest, ethical and confidential manner. It is every employee's responsibility
to maintain patient confidentiality. Again, you need to ask yourself: "Do I need to know this type
of information in order to do my job?" If the answer is NO, then it is not appropriate to view the
information.
If a patient or family member would like access to the medical record during their hospital stay,
notify the attending physician and then consult with the HIMS Director. The HIMS Director or
designee will verify which forms/authorization will need to be completed and ensure verification
of the requestor.
Notice of Privacy Practice:
All patients will receive a copy of the Notice of Privacy Practices upon registration. They will be
required to initial a section in the Conditions of Admission to indicate receipt of the brochure.
The Notice of Privacy Practices states that the hospital may use or disclose patient health
information for treatment, payment and healthcare operations.
Patients have specific health information rights, which include:
• Right to Access
• Right to Amend
• Right to an Accounting of Disclosure
• Right to Opt out of the Directory
• Right to Request Restrictions
• Right to Request Confidential Communications
• Right to Obtain our Notice of Privacy Practices
Right To Access
A patient has the right to access/copy their health information. The patient/requestor must
complete/sign an authorization before information can be copied/accessed. This information is
contained in the Release of Information policy. Before records are released the requestor must
be verified. The patient's physician can deny access to the patient if, in his/her opinion, the
furnishing to or review by the patient of such records would be injurious to the patient or the
patient's well-being.
Right To Amend
A patient has the right to request an amendment to their health information in the designated
record set (DSR). This might include the addition of information, or an explanation of
information already contained in the DSR. The right to amend does not permit deletions or
removal of information from the DSR.
Requests to amend should be forwarded to the HIMS department for processing. The request must
be in writing from the patient/responsible party. We must respond to the patient request within
60 days. We can deny the request for amendment if it meets specific requirements.
Right to an Accounting of Disclosures (AOD)
A patient has the right to an accounting of disclosures for protected health information made by
a hospital except for disclosures to carry out payment, treatment, and healthcare operations or
pursuant to an authorization. The hospital has 60 days to comply with the written request for
accounting of disclosures by the patient. Several examples of AOD are reporting of births,
deaths, congenital anomalies, cancer registries, or communicable disease, etc.
Right to Opt Out of the (Hospital) Directory
When a patient is admitted to the hospital s/he will be notified via the Notice of Privacy Practices
that we include certain limited information about them in the hospital directory. The information
may include their name, location in the hospital, general condition (e.g., fair, stable, etc.) and
religious affiliation. This information may be provided to members of the clergy and, except for
religious affiliation, to other people who may ask for them by name.
If a patient wishes not to be listed in the hospital directory s/he may opt out by completing the
Directory Opt Out Form. The Directory Opt Out Form will notify the patient that, by invoking this
patient right, phone inquiries and visitors will be told "I have no information about this patient,"
and that no deliveries will be forwarded to the patient, including cards or flowers. The patient is
then placed in "Confidential Status". In the event that a patient chooses to opt out of the
directory after registration, a Directory Opt Out Form must be completed and a copy forwarded
to Patient Registration for action. Patients who Opt Out of the Directory will appear in the
patient directory as Confidential patients.
Right to Request Restrictions
A patient can request a restriction of their PHI. These requests must be in writing and
forwarded immediately to the Facility Privacy Officer for review. Only the FPO or his designee
may review and act on a request for restriction.
Right to Request Confidential Communications
A patient has the right to request Confidential Communications by alternative means or to
alternative locations. Requests for Confidential Communications must be accommodated by
the hospital if reasonable. Confidential Communications pertains to all future correspondence
and communications related to the specific visit(s) stated in the request.
Verify Requestor
It is every employee's responsibility to verify the identity of any person or entity outside the
facility that is unknown to the employee and who is requesting protected health information
(PHI) either in person, verbally or via written request. Each patient will be notified at registration
that the hospital will use a password to verify that the individual calling is authorized to receive
information beyond that which is available in the directory.
The password will be the last four digits of the patient's Account Number. This number is readily
available to the patient and all clinicians. Family/friends requesting updates on a current patient
must give the last four digits of the patient's Account Number. It is the patient's responsibility to
give this information to family/friends.
The exceptions to the verification requirement are:
1. Release of information from the hospital directory to visitors requesting the patient by
   name (the patient has opted in to our facility directory);
2. Release for disaster relief purposes; and
3. Release for care and notification purposes, which may include:
   a. Use or disclosure of protected health information to notify a family member, a
      personal representative of the individual, or another person responsible for the
      care of the individual, of the individual's location, general condition, or death; or
   b. In the event of an emergency or the patient's incapacity, professional judgment
      should determine whether the disclosure is in the best interests of the patient
      and, if so, disclose only the protected health information that is directly relevant
      to the person's involvement with the patient's health care without verification of
      the requestor.
Approved methods of identity verification are any one of the following three options:
1. Valid State/Federal Issue Photo ID (i.e., passport, driver license, etc.).
2. Requestor is able to provide a minimum of three information items from the "acceptable
   identifiers" list. The information can be provided in written or verbal fashion.
   a. Patient Social Security (required) and
   b. Patient Date of Birth (required) and
   c. Any one of the following:
      i. Account Number
      ii. Street Address
      iii. Insurance Carrier Name
      iv. Insurance Policy Number
      v. Medical Record Number
      vi. Birth Certificate
      vii. Insurance Card
3. Positive match of signature to a signature on file (e.g., a request is received from the patient
   via fax or mail and the signature is compared to the patient signature on the conditions of
   admission).
4. Unacceptable forms of identification for requestor verification are:
   a. Employment ID
   b. Student ID
   c. Membership ID Cards
   d. Generic Billing Statements (utility bills)
   e. SSI Card
   f. Credit Cards (photo or non-photo)
In the event that there are insufficient acceptable identifiers available for verification of
requestor, individuals releasing the PHI should use their professional judgment to determine
whether or not to permit the release.
The HIMS department can be contacted for assistance. The actions taken and the reasons for
that action should be documented.
You should now have a basic understanding of HIPAA Privacy Standards and how they pertain
to patient privacy and confidentiality. If you have any questions, please refer them to the charge
nurse or clinical liaison.