Privacy , Security and Patient Rights

The Health Insurance Portability and Accountability Act (HIPPA) is a Federal Law Created in 1996 to safeguard information and ensure patient privacy. Three major things were accomplished with this law.

1) Placed limits on how confidential health information can be shared with others.

2) It also established patient rights to control the sharing of their health information

3) Put safeguards in place for confidential health information collected, maintained, used, or transmitted in electronic form.

 Many people do not know the difference between privacy and security. I will now define these so that you now know the difference.

PRIVACY- Refers to WHAT is protected. Information about the individual and the determination of WHO is permitted to use, access or disclose information.

SECURITY- Refers to HOW this information is being safeguarded-ensuring privacy by controlling access to information and protecting it from inappropriate disclosure and accidental or intentional destruction or loss. 

What is considered confidential health information?

All information about a patient is considered confidential, including information that:

• Is created or maintained in ANY format

• Relates to the patient’s past, present or future medical condition, treatment or payment for care

• Identifies the patient or could be used to identify the patient 

In what ways can confidential information be shared?

The information should only be shared with those who essentially “need to know” in order to care for the patient. There are two ways this information can be shared.

USE:  The sharing of confidential health information within the organization

DISCLOSURE: The sharing of confidential health information with others outside the organization

Are there exceptions to the rule?

In certain situations, the disclosure of confidential patient information is permitted without written permission, but we must note the disclosure in the patient’s record. Some examples of these types of disclosures include:

• For public health and oversight activities 

• When required by law 

• To carry out special government functions

  *There are specific guidelines to follow when providing information under these special circumstances – always check with your supervisor for guidance.

 

Can a patient place restrictions on the disclosure of their confidential health information?

In special situations, the patient can request that some of their confidential health information not be shared, such as:

• For Patient Directory purposes

• Fundraising, Promotion Events etc.

• To a patient’s family & friends involved in care

• To others involved in payment for care

 What rights do patients have to control the sharing of their confidential health information?

  Patients have the right to:

• Inspect and copy the medical record

• Amend the medical record

• Receive a list of certain disclosures

• A copy of the Notice of Privacy Practices

• Request confidential communication

• File a complaint with the Secretary of the Department of Health and Human Services

The sharing of confidential health information related to certain treatments and services are afforded a higher level of protection

• Alcohol/Substance Abuse
• Child Abuse
• Mental Health
• Genetics
• HIV-Related Information

Patients expect privacy when they are receiving healthcare. Patients also expect that their confidential health information will be appropriately protected. Examples of safeguards that help to ensure confidentiality are:

•  Shred all paper containing confidential health information or place in closed receptacles

• When faxing, verify the fax number before sending

• Close doors or privacy curtains when having discussions of confidential health information

•  Do not leave medical records unattended or in open areas

·        

SECURE YOUR COMPUTER ACCESS!

Patients expect their confidential health information in our computer systems will be appropriately secured. Examples of computer safeguards to secure our information include:

• Protect your access by not sharing your account and/or password with others

•  Do not write down or post your password on computer systems

•   Never leaving a workstation signed on or left unattended with access to confidential health information

•  Access information in computer systems when you have a need-to-know the information

• Never disable or remove the virus detection software

Q: WHOSE RESPONSIBILITY IS IT TO SAFEGUARD INFORMATION AND SECURE CONFIDENTIAL INFORMATION??

A: EVERYONE’S!!

References: http://www.hhs.gov/ocr/privacy/index.html , http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html, http://www.hippa.com/