A few months ago I found this quote that lovingly explains what a nurse is.
“A nurse is:
- A person who cares for patients they’ve never met before.
- A person who witnesses life and death before their eyes every day.
- Someone who gets yelled at daily, simply for doing their job.
- Someone who arrives at work early and leaves late.
- Someone who rarely receives a thank you. “
The quote does a good job of highlighting the selflessness and importance of nurses. It also does a good job of highlighting the fear-based culture that seems to have crept its way into the profession. In addition to getting yelled at, working overtime and being unappreciated, nurses often work in fear of getting “written up” for various reasons (many of which in my opinion could be resolved with coaching), making a medication error, being put in situations that could cause them to lose their licenses or, since it’s been enacted, violating HIPAA.
Since it was enacted in 1996, HIPAA has turned into a big, scary thing for nurses. If you violate it, “it would be really, really bad,” we’re told by hospital administrators and managers. This translates to “You’ll be written up or fired,” in nurse-speak.
Don’t talk about your patients at home, in public, or to anyone who doesn’t need to know about their medical history. Don’t leave your computer screen unlocked because someone could look at a patient’s health information. Don’t give out patient updates over the phone. Don’t look at patients’ charts, other than the ones you are assigned to. Don’t post about your patients, your workplace or clinical situations on social media. Or else.
Nurses, and the managers and administrators who have “translated” HIPAA for them, are so fearful of violating the law, that they likely don’t know why the act originated or what it entails. The focus seems to be so heavy on privacy that you rarely hear the words insurance or portability mentioned. This could be because patient privacy is something nurses deal with and can protect on a daily basis. However, there is more to HIPAA than just its privacy rule.
What does HIPAA really mean? Here’s a brief primer for to help make the legislation less scary and more helpful.
How did this thing called HIPAA come about? It began as Kassebaum-Kennedy Act and, according to Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, when it was passed in 1996 the intent was to make health care delivery more efficient and increase the number of Americans with health insurance coverage.
The insurance portability portion was intended to help workers maintain health insurance while between jobs. The accountability section focused on security and confidentiality of patient data and information.
The three main provisions in the act are the portability provisions, the tax provisions and the administrative simplification provisions. The Privacy Rule falls under the simplification provision. Why is that? The third provision is an attempt to standardize electronic transmission of health data and the Privacy Rule was developed to create security standards regarding this information.
Who does it affect?
HIPAA applies to groups or people defined as covered entities. These are health care providers including physicians, nurses and hospitals; health plans like health insurance groups and Medicare; health IT vendors who may view health records; and health care clearinghouses which include billing agencies.
What is protected?
This list compiled by The University of Chicago Medicine Office of Corporate Compliance outlines the information protected by HIPAA, otherwise known as protected health information.
- Address (including zip code)
- Dates (birth, admission, discharge, death)
- Telephone numbers
- Fax numbers
- E-mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/License numbers
- Vehicle identifiers and serial numbers (including license plate)
- Device identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) addresses
- Biometric identifiers, including finger and voice prints
- Full face photographic images and any comparable images; and
- Any other unique identifying number, characteristic, or code.
What are a patient’s rights under HIPAA?
Under HIPAA, patients have the right to:
- Access their health information
- Request a report of disclosures made on their health information
- Request an amendment to their health information
- Request confidential communications
- Restrict certain disclosures of health information
- File a complaint about privacy violations.
The University of Texas Health Science Center at San Antonio created the above list along with some how-to resources for patients that can be found here. While some of the details are specific to UTHSCSA, the resources are helpful for patients anywhere.
What qualifies as a violation?
According to The University of Chicago Medicine Office of Corporate Compliance, a violation or breach is “the unauthorized acquisition, access, use or disclosure of PHI that compromises the security and privacy of the PHI. ‘Compromise the security and privacy of the PHI’ means that the breach poses a significant risk of financial, reputational or other harm to the individual.”
What happens if there is a HIPAA breach? Fines for violations vary by level of severity. A violation that occurred unknowingly is fined less than one that occurred due to negligence.
Complaints about HIPAA violations can be made to the Office for Civil Rights.
How to prevent HIPAA violations?
Facilities offer ongoing training regarding HIPAA. Try not to listen with a fearful ear but rather a mindful one. Take notes on what constitutes a violation and try to come up with real life scenarios that you may run across. When in doubt, practice the golden rule, “Do unto others’ PHI as you would have done to yours,” …and ask a compliance officer for guidance.
CMS HIPAA Hotline: 1-866-282-0659.
Jennifer Thew, RN, MSJ
Latest posts by Jennifer Thew, RN, MSJ (see all)
- Telemedicine Use Primed to Keep Going Up… Up… Up - February 10, 2015
- Burnout Among Health IT Professionals - January 13, 2015
- Gathering Together to Create a Family Health History - December 2, 2014