HIPAA for Nurses – Guide of Do’s and don’ts

Maintaining HIPAA compliance is about protecting patient privacy. This means being aware of how, when and with whom data is shared. A conscious effort should be made to ensure that health information is shared only when necessary. In general, keeping this in mind will help you avoid most mistakes, but there are some potential pitfalls that we describe below. These tips are a good basis for a general guide on HIPAA for nurses, but check your employer's policies and guidelines to make sure you are complying with all the rules and standards.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) helps keep your medical information private. HIPAA requires that providers, such as doctors, nurses, pharmacies, hospitals, and nursing homes, keep your medical information private.

Federal law also protects medical information held electronically. It requires that organizations covered by HIPAA maintain the privacy of electronic health information. Groups that must follow HIPAA include medical insurers and most health care providers. Federal law also helps keep the information that health care providers discuss with each other private.

To whom does the HIPAA Law apply?

To all those entities that electronically transmit or store health information, such as:

  • Most doctors, nurses, pharmacies, laboratories, hospitals, clinics, nursing homes, and many other health care providers.
  • Health insurers, health maintenance organizations (HMOs), and most employers' group health plans.
  • Government programs that pay for medical care, such as Medicare and Medicaid.

Who is allowed to access the patient’s medical information?

Some people will say that they do not want their information to be shared with “anyone”. But when asked directly about a specific person, such as a trusted spouse or friend, they authorize it. If your family member has refused to allow “someone” to have information, ask the healthcare professional to ask specifically about you.

Doctors and other healthcare professionals may share medical information with family caregivers or others directly involved in the care of a patient, if the patient is awake, has a reasonable understanding of the situation and has the opportunity to refuse. HIPAA requires health professionals to use professional judgment to decide what should be shared.

However, if the patient says he or she does not want this information to be shared with others, then health professionals cannot share the information.

Doctors can share medical information with the nursing staff, therapists and other health professionals of the patient’s medical team. This is important for good patient care and is not affected by HIPAA.

If the patient is not present (such as when he is in surgery), is unconscious, delusional or has dementia (which alters the person's ability to understand and make decisions), then HIPAA requires health professionals to use good professional judgment about which family caregivers should be told what information and which decisions they should be involved in.

Patient information may be shared with health insurers, managed long-term care plans (MLTCs) and state and federal agencies. This is required for the coordination of care and payments.

What does the HIPAA Act require of health service providers?

Health service providers must:

  • Guarantee the patient's privacy rights.
  • Adopt written privacy procedures that state who has access to protected information, how it will be used and when it will be disclosed.
  • Ensure that business associates protect the privacy of health information.
  • Teach employees the provider's privacy procedures.
  • Appoint a privacy officer responsible for ensuring that the security procedures are followed.

What is the health information that needs to be protected?

It is defined as any health information that identifies the person it refers to (name, Social Security number, etc.) and that is transmitted electronically or kept on paper by an entity to which HIPAA applies.

Common HIPAA violations

Inappropriate Disposal

Improper disposal of protected health information is easy to avoid, but it is also surprisingly common. Many photocopiers have a hard drive that saves a certain number of recent files. If someone who is not supposed to have that information accesses that storage, it is a HIPAA violation. The same goes for documents that are destroyed incorrectly. The basic rule when disposing of anything that holds protected health information is to destroy or completely wipe the device's hard drive, and to destroy paper documents.

Disclosure to third parties

Third parties are often billing companies or other businesses that help the hospital or small clinic run smoothly. Any company that comes into contact with patient information is responsible for complying with HIPAA policies, and the common agency provision in the general HIPAA ruling means that hospitals and medical personnel are now responsible for HIPAA compliance by third parties. Errors caused by a third-party company can come back on the health care provider, so make sure that everyone who has access to protected health information complies with HIPAA.

Unsafe records

To prevent theft and unauthorized access, HIPAA requires that all electronic and paper documents or other files containing PHI be stored in a secure area. This means that any type of file cabinet needs to be locked, and the office or building needs to be locked or secured when staff are not present. These seem like simple things to remember, but mistakes happen.

If you wish to refresh your knowledge of HIPAA, FreeIpa.org has educational programs for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules. The webpage offers each of these programs free of charge through downloadable PDFs and webinars.

We may get tired of hearing about it, but the reality is that HIPAA is here to stay. Laws are only going to get stricter, and the public is only going to demand more when it comes to their personal health records.

About the author

Sam Attal

Sam has been working in the healthcare industry for 5 years. She lives in Georgia with her husband and 2 dogs. She freelances as a content writer and loves to read about medical trends and share what she learns.