Robert Rock has practiced on a busy medical unit for six years. He recently completed on-line compliance training for the Health Insurance Portability and Accountability Act (HIPAA). To facilitate communication of patient assignments, his team uses the long-standing practice of posting patient names and room numbers, as well as the primary nurse's patient assignment, on a large board located near the nurses' station, which is accessible to both hospital workers and the public.

Patient MW, a victim of domestic abuse, informs Rock that her status as a patient in the hospital must be kept confidential. Rock assures MW that she's safe and that the staff won't share information with anyone who inquires about her. He informs the unit clerk not to release any information on MW, but fails to remove MW's name and room number from the assignment board.

Later in the shift, MW's husband enters the nurses' station and asks the unit clerk for his wife's room number. The unit clerk, following Rock's instructions, states that she has no information on the person named. The spouse, upon looking around the nurses' station, sees his wife's name and room number. He rushes to the room and physically abuses her. The unit clerk calls hospital security, which promptly arrives and escorts the spouse off the unit. He's subsequently jailed for spousal abuse.

[check mark]True or false: This facility offers adequate safeguards to protect the patient's privacy.

Privacy: a patient's right

Right to privacy is an expectation of freedom from unauthorized intrusion or unwarranted publicity. According to the American Nurses Association's (ANA) Code of Ethics, the nurse safeguards the patient's right to privacy. The need for health care doesn't justify unwanted intrusion into the patient's life. The nurse advocates for an environment that provides sufficient physical privacy, policies, and practices that protect information confidentiality. 1 Additionally, most state nurse practice acts delineate under the standards of professional nursing practice that nurses shall implement measures to promote a safe environment for patients.

Protecting the privacy of people who seek care and healing is a major goal of the HIPAA Privacy Rule. Nurses and other necessary persons who need to communicate information that's currently written on the assignment board should develop an alternate strategy of disseminating this information.

[check mark]The major goal of the HIPAA Privacy Rule is to:

a. implement protection policies that meet absolute, strict guidelines.

b. protect the privacy of people who seek medical care and healing.

c. monitor physician practices.

d. eliminate all incidental disclosures about patients.

Covered entities

The broad definition of who's a covered entity in the HIPAA regulation doesn't appear to apply to health care providers in general. Not all providers transmit health information in electronic form in connection with specified financial and administrative transactions. However, the regulation clarifies this common misconception by stating, "Health care providers include all 'providers of services' (hospitals) and 'providers of medical or health services' (caregivers) as defined by Medicare and any other person or organization that furnishes, bills, or is paid for health care."

This definition covers a vast array of health care providers, including nurses. Therefore, become part of the efforts to ensure HIPAA compliance in the facility where you work. Review all common practices in your facility. Do potential breaches of privacy exist? Many facilities hire privacy officers or compliance officers to address the HIPAA regulation policies.

[check mark]True or false: Nurses aren't considered covered entities under the HIPAA regulations.

Disclosures-Incidental or purposeful?

The HIPAA Privacy Rule allows for incidental use or disclosure only to the extent that the covered entity has applied reasonable safeguards. Limit the shared information to the "minimum necessary." Scrutinize your practices for ways to keep private health care information just that-private.

Answers to this month's Legal Checkpoints

[check mark]True or False: This facility offers adequate safegurads to protect the patient's privacy.

False. The most apparent inadequate protection of the patient's privacy was the assignment board. Investigate and implement other ways of communicating this information to health care providers working on the unit. Though Rock communicated MW's desire to withhold information about her to anyone who asked, someone approaching the nurses' station could determine, without inquiring, patients' names and room numbers by reading the assignment board. The unit clerk acted appropriately when she summoned hospital security to remove the spouse. However, both Rock and the unit clerk failed to realize that information concerning this patient, as well as other patients, was publicly accessible simply by visiting the nurses' station.

[check mark]The major goal of the HIPAA Privacy Rule is to:

a. implement protection policies that meet absolute, strict guidelines.

b. protect the privacy of people who seek medical care and healing.

c. monitor physician practices.

d. eliminate all incidental disclosures about patients.

The correct answer is b. See Standards for Privacy of Individually Identifiable Health Information, 45 CFR Part 160.101, or ask the privacy officer in your facility for a copy of the Statutory Basis and Purpose of the HIPAA Privacy Regulation.

[check mark]True or false: Nurses aren't considered covered entities under the HIPAA regulations.

False. Nurses have a vital role in protecting private medical information. See See Standards for Privacy of Individually Identifiable Health Information, 45 CFR Part 160.101, or ask the privacy officer in your facility for a copy of the Statutory Basis and Purpose of the HIPAA Privacy Regulation.

References