HIPAA Regulatory Alert: Make these changes to avoid HIPAA violations
HIPAA Regulatory Alert: Make these changes to avoid HIPAA violations
By Kathleen Catalano,
RN, JD
Director of Regulatory Compliance
Provider HealthNet Services
Addison, TX
If you don’t comply with HIPAA privacy regulations, you may face civil penalties of up to $25,000 for each requirement violated, and criminal penalties of up to $50,000 and one year in prison for obtaining or disclosing protected health information.1,2
The regulations are not going to go away. They require a culture change on the part of each and every ED in the way care is rendered.
The best way to avoid problems with HIPAA is to objectively look at your own actions as you carry out your duties in the ED. Here are changes to make immediately:
• Never use a patient’s health information inappropriately.
You may divulge only information that is necessary to diagnosis or treat the patient. For example, if a delirious patient tells you that he has just gambled away the family’s life savings, when giving the report to the next shift, you would relay information about the patient’s vital signs, delirium, and the fact that the patient was ranting and raving. The specifics of what were said would not be given.
In the past, a family would bring their aging mother to the ED and wait until the nurse came out to tell them about their mother’s condition. That practice no longer will be acceptable. Now, as long as the patient is lucid and able to make the determination, he or she will be asked to designate a member of her family to receive updates.
What if the patient is not in a condition to designate someone? You can assume that it is very likely that the person accompanying the patient to the hospital did so at the patient’s request and/or because of a relationship. For example, a husband brings his wife into the ED. His wife is unable to focus and seems confused. It is very likely that the wife would want her husband to be kept abreast of her condition. Again, you should provide only the minimal amount of information that is necessary.
• Don’t allow others to hear confidential information.
Protection of health information is very difficult in the ED due to cramped space, lack of auditory privacy, and because of the crisis mode that seems to be the norm.
It is easy to forget that there is another patient on the other side of the curtain and that what you’re saying is in all likelihood being overheard by many individuals. In many EDs, the patient rooms circle the nurses’ station. Thus, if family members stand outside of the patient’s room, they often can hear much of what is being said.
Do you talk about one patient when you’re in the presence of another patient or the other patient’s family? We forget about people overhearing our conversations because we are in the treating mode. As caregivers, we must get a patient’s medication stat and there’s not much time to think about hushed voices or whether someone is observing what we’re writing.
Sit back, watch and listen. Do you hear staff talking about patients in an inappropriate manner?
If you overhear inappropriate statements, you can do several things. You could report it to your nurse manager or ED director, discuss it with the person making the statements, or call your compliance hotline and give a description of what occurred so that the issue will be addressed.
Protecting privacy
• Make sure that patient information is not visible to others.
You often can improve the privacy in your ED simply by changing the location of objects. Here are some examples:
— Computer monitors and fax machines. Can a patient’s medical records be viewed by people who have no right to the information? If so, move the computer or monitor to conceal protected information.
If individuals other than caregivers can see documents being faxed, the machine should be moved.
— Documents at the nurses’ station. Are papers such as the operating room schedule visible if you stand at the nurse’s station? If so, keep materials in a closed folder or turn them over so they aren’t visible for all to see.
• Find a way to protect privacy at triage.
Do patients have vitals taken and an assessment performed in front of registration clerks? When the patient answers questions posed by the triage nurse, can the responses be heard throughout the ED lobby? A door or curtained windows are good solutions, but they need to be shut whenever a patient is being triaged.
• Change the flow of traffic in your ED.
Think about the configuration of your ED. Is there a different way to route families and visitors so they don’t hear and see everything that is occurring in the ED? See if you can change that flow. Just because it’s never been done, doesn’t mean it shouldn’t be done.
[Editor’s note: Catalano can be reached at Provider HealthNet Services, 15851 Dallas Parkway, Suite 925, Addison, TX 75001. Telephone: (972) 701-8042. Fax: (972) 385-2445. E-mail: [email protected].]
References
1. 45 CFR §160.306 and §160.312 (2000) for Civil Enforcement.
2. 42 USC 1320d-6 (HIPAA Sec. 1177) for Criminal Enforcement.
If you dont comply with HIPAA privacy regulations, you may face civil penalties of up to $25,000 for each requirement violated, and criminal penalties of up to $50,000 and one year in prison for obtaining or disclosing protected health information.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.