Is your patient care in conflict with HIPAA?
Is your patient care in conflict with HIPAA?
Are you worried that your patient care is in conflict with requirements of the Health Insurance Portability and Accountability Act (HIPAA)? If so, you’re not alone.
"There is a lot of confusion about what is required in the ED," says Michael Lowe, JD, an Orlando-based health care attorney who specializes in compliance with federal regulations. Penalties for violations of HIPAA are severe, with civil penalties up to $25,000 for each requirement violated, and criminal penalties of up to $50,000 and one year in prison for obtaining or disclosing protected health information.
And if you violate a patient’s privacy, you could have a lot more than HIPAA to worry about, warns Lowe. "You could face disciplinary action from your state licensure board, depending on your state’s laws," he says. In addition, a patient could file a privacy lawsuit and name you as a defendant, he adds.
To avoid violations of HIPAA, do the following:
• Protect your computer screen from prying eyes.
You must take reasonable safeguards to prevent disclosure of confidential patient information, so use screensavers and passwords, says Lowe. Staff should have controlled access, and screens should be turned around so they don’t face patients or visitors, he says.
These are simple things, but they must be done, he says. "Space may be a constraint, but you shouldn’t have computers out where everyone can see them," says Lowe.
At Cocoa Beach, FL-based Cape Canaveral Hospital’s ED, the settings on the computers have been adjusted so that those at the bedside automatically go to a screensaver mode in three minutes when not in use, says Stacey Westphal, RN, MS, CEN, the facility’s clinical educator of emergency services.
"With computers in all areas of the ED, anyone could sneak a peek without safeguards," Westphal says. The computers at the nurses station have a longer time out of five minutes, because the public does not have access to these, she adds.
Nurses immediately sign off when documentation is completed, which automatically places a sign-in screen in front of confidential information, but if this step is forgotten, the auto screensaver is activated, Westphal explains.
"Once the program goes to the screensaver mode, you need a dual password to gain access to patient information," she says. Nurses must enter both an alphanumeric user ID and a password, she explains.
• Ensure that only authorized staff view medical records.
Weekly audits are done to see who has accessed the medical records of patients, says Westphal. "This way we can see if unauthorized eyes have viewed the chart," she says.
Chart audits to check for unauthorized access are done on a weekly basis by Westphal or the ED’s health information analyst, she says. "We have a program that prints out names of patients that were made confidential during their visit here," she says. "We look at these charts and additional ones at random."
A list is printed in chronological order of everyone who viewed the chart, printed the chart, viewed the information summary card after discharge, or viewed the completed chart on-line after the patient is discharged, says Westphal. "We then compare those names with staff that had reason to go into a record," she says.
Any employee name that appears on the chart access list without authorization to view the patient’s record is investigated by the facility’s informatics technology department, says Westphal. "Termination is a possible outcome," she adds.
• Give patients the option of confidential status.
The patient’s first name and chief complaint are blocked out on the main patient tracking board, says Westphal.
"Radiology, volunteers, and other departments use this board as a patient locator, and they do not need to know information about other patients," she explains.
In addition, the words "confidential patient" are used instead of the patient’s real name if individuals want anonymity, such as patients who don't want their family members, who are hospital employees, to know they're being treated in the ED, says Westphal. "For example, we had a 19-year-old female come in with an overdose. She did not want her dad, who works at our facility, to know she was here," she says.
The "confidential patient" wording is used instead of the patient’s name whenever nurses feel the need conceal the patient’s identity, says Westphal. "We use it for patients that come in following a sexual assault," she explains. "If Gov. Jeb Bush came in, he would be a confidential patient."
For patients who don’t want anyone to know they’re in the ED, the "@" symbol is put next to their name in the patient’s charts, which means that visitors and callers are to be told the patient is not there, she says.
For example, a man came to the ED requesting admission at a local psychiatric facility, recalls Westphal. "He was separated from his wife and did not want her to know he was here or that he wanted to be admitted for psychiatric care," she says. "She came here looking for him, and we told her he was not here."
While HIPAA doesn’t directly address giving a family member inaccurate information, it does specify that you must protect a patient’s request for confidentiality, says Lawrence.
If you do tell an inquiring family member or friend that the patient is not in the ED, ask if there is something the ED should know if the patient does show up, suggests Jonathan D. Lawrence, MD, JD, FACEP, an ED physician and medical staff risk management liaison at St. Mary Medical Center in Long Beach, CA. "That way, significant history would be obtained without letting the caller know the patient is in the ED," he says. "Also, asking the caller for a callback number might be useful."
Are you worried that your patient care is in conflict with requirements of the Health Insurance Portability and Accountability Act (HIPAA)? If so, youre not alone.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.