RE: patient you cared for previous day and no longer your patient....
OK to ask general inquiry re condition. NOT ok to look in chart.
This is different for us nurses used to continuity of care and concerned about things not being missed. ----this is minor in view of HIPAA regs. BIGGER violation is once patient OFF of your unit---transferred to ICU or vice versa ICU to floor, NOT OK to go to that unit and check the chart of patient to check on patient's progress (very common in my early years in hospital).
OR you know your Neighbor Mrs. XYZA is on your floor as patient. You check her chart to see what's up.....BIG HIPAA FINE as you're not providing her care and just snooping---invading her privacy. See the difference???
I was Privacy officer after initial HIPAA training until new QI staff appointed and still responsible for Privacy team.
With our new computer system, staff's name, address and phone numbers loaded into one screen as a means of computer system scheduling software being able to locate RN/HHA nearest patient for assignment. ALL STAFF with computer access can visualize that info if they stumble across this area....I just discovered this info on Monday.
Informed the VP of Nursing it is a staff PRIVACY violation and they need to fix! OK to have nurse/PT/Aide...town and agency beeper number or voicemail in screen but NOT entire address or home phone number. They tried passing it off as OK under TPO. This discussion went to Sr Management level this week. If I see it not corrected by tomorrow, I will report issue to HIPAA Taskforce chair. Can you see how HIPAA is protecting my agency's workforce in this instance???
Mostly HIPAA is about policy and procedure (P+P) and are you following that P+P. Good summary article found tonight on Medscape Nursing and posting here.
Checklist for Complying With New Patient Privacy Rules
from The Gold Sheet
Posted 01/08/2003
Gold Sheet 4(12), 2002. © 2002 Carolyn Buppert
The Gold Sheet is published monthly by the Law Office of Carolyn Buppert, 1419 Forest Drive, Suite 205, Annapolis, MD 21403.
Medical practices, facilities need to do these things to comply with new Federal regulations on patient privacy
http://www.medscape.com/viewarticle/445028 (Free Registration required)
1. Appoint a privacy officer. It may be a staff member with other responsibilities.
2. Conduct an audit of current procedures, answering the questions:
Does the practice or facility furnish, bill or receive payment for health care in the normal course of business? For a decision tree, visit
http://www.cms.hhs.gov/hipaa/hipaa2/...rt/default.asp
How does the practice or facility, in the course of taking care of patients, transmit information about individual patients? If using electronic transmissions, continue to question 3.
3. Does the practice or its clinicians have a direct treatment relationship with patients? If "yes," continue to question 4.
4. At the practice or facility, how might a patient's information be seen or heard by another individual who does not need the information to do his job?
Examples: Overheard conversations, trash taken out to a dumpster and then scattered by wind, wide access to the practice's computer, records faxed to an employer without a patient's authorization, records faxed to a wrong number.
5. Are patient records secure; i.e., viewable only by the minimum number of people necessary to treat, get paid and operate the practice or facility?
6. Does the practice or facility have written policies and procedures for assuring privacy of patient information?
7. Does the practice or facility have a "Notice of patients' rights to privacy"?
8. Has the notice been shared with patients? How?
9. Has the practice made a good faith effort to get all patients to sign an acknowledgment of receipt of the notice?
10. Does the practice or facility sell any patient information to vendors?
11. Does the practice or facility disclose any information on patients to individuals who are not involved in treatment, payment or practice or facility operations?
12. Does the administrative staff know when a patient must authorize disclosure of his or her information?
13. Has the practice determined which patients must sign authorization forms? Have those individuals signed the forms?
14. Does the practice or facility keep psychotherapy records separate from the general medical record? If so, special rules apply to the psychotherapy records.
15. Does the practice or facility conduct research? If so, special rules apply.
* Walk around the physical plant looking and listening for situations where protected health information is or might be released for purposes other than treatment, payment or operations. (Examples: staff conversations can be overheard by people in waiting room, loose progress notes lying in view of other patients)
* Write down the ways in which the practice or facility stores patient information, the categories of individuals to whom the practice transmits patient information and the circumstances of transmittal. (Example: Paper records, transmitted to insurance companies, other clinicians, and office staff, sent through mail or faxed.)
* Meet with colleagues at the practice or facility to develop a time line of activities and dates to be accomplished so that systems are in place by the April 14, 2003 deadline for compliance.
* Draft, review and print a "notice of patient rights" and "authorization form for release of protected information" tailored to the specific practice or facility and its patients.
The government has not provided template forms, but has specified in the rules what must be included in the forms.
* Decide whether the same forms can be used for all health care providers, or whether certain clinicians need variations on the general forms.
* Decide how to distribute the notice of patient rights--at an office visit, by mail, or by e-mail.
* Distribute or prominently post the notice of patient rights.
* Develop a form on which patients acknowledge that they have reviewed the notice of patient rights.
* Decide where the signed acknowledgment forms will be stored.
* Determine the circumstances under which patients need to authorize use or disclosure of their information.
* Obtain patient authorizations where required. (Patient authorization is required when a practice or facility has plans to disclose patient information to a vendor, employer, financial institution or other entity or individual not involved in treatment, health care payment or health care operations.)
* Draft, review and adopt policies and procedures for assuring privacy of protected patient information, based on the self-audits of the physical plant, operations and communications systems.
* Disseminate the policies to employees, contractors and clinicians with privileges at the practice or facility.
* Conduct training of employees regarding the authorization, notice, policies and procedures.
* Document the dates and attendance at the training.
* Decide where to keep the documentation of training.
* Decide how often staff will be required to review the policies, and how the policies will be incorporated into new employee orientation.
* Determine how individuals who violate the policies will be sanctioned.
* Reassess the physical plant and operations, asking "How could we violate patient privacy?"
To read the Federal rules on patient privacy in their entirety visit
http://www.hhs.gov/ocr/hipaa/finalreg.html.
For an overview on the rules, visit
http://www.hhs.gov/ocr/hipaa.
I've completed all of the agency review of above....now on to assisting in P + P updates...a lot to fix AFTER JCAHO on 2/3 and before 4/16/03---Implementation date.