HIPAA Privacy officer reporting for duty.....
Won the "prize"of going to a 4 day HIPAA training in February
"cause you know computers and confidentiality standards, can earn how to fill out this HIPAA form, and only one really available that can be released from office". Now I'm Privacy co-chair for entire Health system and responsible for HIPAA Privacy review in my agency (completing next week). See what happens when you say you moderate an allnurses forum???
Check out these topics of interest. HIPAA rules fall under the Office Of Civil Rights for sanctions... haven't seen them in my hospital/health facility in a LONG time. See Privacy story's -- what we want to prevent then check out the FAQ first as it gives overview of regs.
Medical Privacy Stories
July 6, 2001 HIPAA FAQ:
HHS first set of guidance to answer common questions and clarify confusion about the final rule's provisions. http://www.hhs.gov/ocr/hipaa/finalmaster.html
from above site---
Q: Do the minimum necessary requirements prohibit covered entities from maintaining patient medical charts at bedside, require that covered entities shred empty prescription vials, or require that X-ray light boards be isolated?
A: No. The minimum necessary standards do not require that covered entities take any of these specific measures. Covered entities must, in accordance with other provisions of the Privacy Rule, take reasonable precautions to prevent inadvertent or unnecessary disclosures
. For example, while the Privacy Rule does not require that X-ray boards be totally isolated from all other functions, it does require covered entities to take reasonable precautions to protect X-rays from being accessible to the public. We understand that these and similar matters are of special concern to many covered entities, and we will propose modifications to the rule to increase covered entities' confidence that these practices are not prohibited.
The words "resonable precautions" is key here.
Clipboards at bedside are permissionable just need coversheet to minimize prying eyes. Would make reasuable coversheet simple to avoid temptation eg:
PHI 3 South (area)
Rm # ______
down bottom place: Facility staff use only. (warning statement...don't make obvious; no doctor info on sheet)
p.s.:PHI-accronym for Protected health information.
This coversheet meets the standard for reasonable precaution---charting cabinet outside door or placing clipboard inside treatment abinet in room an additional step---but not always feasable in cash strapped 75 year old hospital.
Other things staff nurses can do to minimize privacy breaches:
1. Never share your password to computer system. If facility uses large amts temp nursing staff should have password available just for these workers for computer access.
2. Log off before leaving computer..even for few seconds. Computer should have screen saver turn on for inactivity 30-60 seconds. Computers not placed in open view of hallways. Use computer screens ..placed recessed m turned away from public view.
3. Pull curtain between patients when conducting patient admission interviews. Ask pt who does he want as his emergency contact and can facility release clinical information to them. If sensative topic to be discussed eg SW financail eval for nursing home placement, rape counseling etc, is there a conference area that interview can be conducted in or could roomate be taken out of room??
4. If speciman labels with patient info left in pts room above bed, place in white envelope not clear one so visitors can't read info.
5. White boards last name; treating staff first name or initials only
6. Sign in sheets name only, avoid listing dr to be seen to prevent linking doc with specific medical problem.
Protecting the Privacy of Patients' Health Information, HHS Fact Sheet, 7/6/01
HIPAA Compliance Strategies
Target Behavior to Plug Weak Spots In Seven Vulnerable Privacy Areas
Privacy Reminders, Technical Changes Help System Protect Health Information
Tips for Protecting Faxes Under HIPAA Privacy Rule
Standards for Privacy of Individually Identifiable Health Information
Student Nurses Pose HIPAA Challenges: De-Identification, Minimum Necessary
Bring HIPAA to Life With Patient Scenarios That Plot the Permitted Flow of PHI
How to Limit the Risks of PHI Left in Telephone Messages