Confidentiality
Breaching Confidentiality
Breaching confidentiality means that patient health information has been accidentally or intentionally disclosed without the patient's permission. Healthcare workers who breach confidentiality can get fired or demoted by the healthcare employer, sued by the patient, or fined or imprisoned by the legal system. When confidentiality is breached in the workplace, patients, coworkers, or supervisors may report it to the Office of Civil Rights (OCR). The OCR is a federal agency that works within the US Department of Health and Human Services (DHHS), and is responsible for overseeing HIPAA compliance. Anybody can file a complaint with the OCR about a HIPAA violation, and it is the OCR's job to perform an investigation of the person who violated HIPAA.
Medical Records and HIPAA
HIPAA impacts the way that medical records are accessed and stored in the workplace. Medical records are the charts that contain patient medical information. Medical records are often maintained electronically and are known as electronic medical records. These records can be accessed by healthcare workers through a computer. Since medical records contain PHI, both the Privacy and Security Rules apply to medical records. According to HIPAA, medical records can be shared between healthcare providers, such as between two doctors, without it being a violation of HIPAA. This is because sharing the information can help improve a patient's care. However, medical records cannot be shared with nonproviders, such as a patient's teacher, unless the patient specifies that this is permitted. Also according to HIPAA, electronic medical records must be stored on authorized work computer systems that can only be accessed with a password.
HIPAA Guidelines and Patient Rights
HIPAA provides healthcare workers with several guidelines to follow in order to properly protect patient privacy and maintain confidentiality. These guidelines are based on patient rights. Some of the patient rights that affect the HIPAA guidelines are:
- the right to privacy.
- the right to know who will be accessing or using their health information.
- the right to tell medical professionals with whom they do, or do not, want their health information to be shared. This is known as patient consent, and will be explored next.
Complying with HIPAA
If you work in health care, you can comply with HIPAA by:
- password protecting your personal work computer, and keeping the computer locked when you are not using it.
- never discussing patient information outside of the workplace.
- keeping PHI turned face down on your desk, unless you are using it.
- checking with patients to find out with whom they would like their PHI to be shared, if anyone.
- shredding patient information instead of throwing it away.
- never taking home patient information or storing it on your personal computer.
Privileged Communication
In health care, privileged communication is communication that occurs between a patient and the patient's healthcare provider. It consists of information that is sensitive and personal, such as health information. Whenever privileged communication takes place, the information being shared is automatically considered private. Examples of information that is shared during privileged communication include:
- Health history
- Medical symptoms
- Medical diagnosis
- Laboratory results
Importance of Confidentiality
Patient confidentiality protects patients from having their information exposed publicly, which can have negative effects, such as embarrassment. Patient confidentiality is also important in health care because it helps to build trust between patients and healthcare workers. When patients know that their health information will be kept confidential, it makes them more comfortable, and therefore more likely to share their medical concerns with healthcare workers. In turn, this helps healthcare workers better meet patients' medical needs.
Patient Consent
Patient consent is a patient's authorization to share private health information with others. Patients often give consent to allow spouses or family members to have access to their health information. For example, a woman can give her doctor's office consent to share her medical information with her husband. However, without that consent the doctor's office would not be allowed to share this information with her husband. Patients can give written or verbal consent, and the information is put into the patients' medical records. Patients have to be specific about to whom the healthcare worker can release or disclose the information. For instance, a patient might want to give consent for her mother to have access to her medical records, but not her father. This information must be made very clear in the medical file.
Patient Privacy and Confidentiality
Privacy is the patient's right to keep some information to him or herself. When patients share sensitive information with healthcare providers, the privacy transfers from the patient to the provider. Now, it becomes the provider's turn to keep the information private. Confidentiality is the safekeeping of sensitive information, in which the information is only shared with authorized individuals on a need-to-know basis. In the healthcare field, confidentiality includes keeping patient health information private and secure. It is the responsibility of all healthcare workers to keep patient information confidential, and to not disclose it to others unless specified by the patient.
Penalties for Noncompliance
Since HIPAA is a law, there are legal penalties for not complying with the Privacy and Security Rules. Legal penalties are based on the severity of the scenario. It also matters whether confidentiality was breached intentionally or accidentally. There are two types of penalties for violating HIPAA.
- Civil money penalties: These are financial penalties, or fines, that healthcare workers or organizations must pay due to neglecting to follow HIPAA rules, or because they do not know any better. Civil money penalties can range from $100 per violation to $50,000 per violation.
- Criminal penalties: People who intentionally disclose PHI and knowingly violate HIPAA are subject to criminal penalties, which can include significant financial penalties as well as imprisonment.
Privacy Rule
The HIPAA Privacy Rule states that healthcare workers cannot share or release protected health information, or health information that is considered individually identifiable, without the patient's consent. Protected health information (PHI) is any information about a patient's health or medical condition, such as a patient's diagnosis. Individually identifiable health information is a form of PHI, and includes any information that identifies a patient, such as a patient's name, birthday, or Social Security number.
Security Rule
The HIPAA Security Rule describes the processes and tools that are necessary for making sure PHI is kept private and secure. Under the Security Rule, HIPAA requires healthcare organizations to have specific policies, procedures, and practices in place for confidentiality. Examples of practices under the HIPAA Security Rule are access control and integrity control. Access control means that only certain people in the healthcare workplace are authorized to access or handle PHI. Integrity control means that PHI must be properly handled in the workplace. This includes destroying and discarding patient documents. For instance, instead of throwing PHI away in the trashcan, it must be shredded so that the information on the document is no longer identifiable.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is the privacy and confidentiality law that was established in 1996 by the United States Congress. HIPAA was created to protect patient health information from being misused by healthcare professionals. Since HIPAA was adopted in 1996, it has served as the federal legislation that requires healthcare workers to keep patient health information confidential.
Exceptions to Releasing Patient Information
There are a few situations in which healthcare workers may have to release patient information without the patient's consent. If these situations arise, it is not considered a HIPAA violation.
- Emergency situations: If a patient is having a medical emergency, the healthcare worker may have to share the patient's health information with other professionals, such as doctors or the police, so that the patient receives proper care.
- Dangerous situations: If a patient becomes dangerous, or makes dangerous threats, healthcare workers may have to release the patient's health information to legal officials, such as the police, to warn them of the patient's physical or mental health condition.
- Legal situations: If health information needs to be used by the legal system for a trial, the information must be released by the healthcare organization, without getting the patient's permission.
The Rules of HIPAA
Under HIPAA, there are two main classifications of rules that establish laws for patient privacy and confidentiality:
- Privacy Rule
- Security Rule
Everyone who works in health care must know about the Privacy and Security Rules of HIPAA. Healthcare organizations are responsible for training their staff about the HIPAA rules and making sure everyone understands how to follow them.