Big grey areas

Published

So I was speaking to a friend of mine about how to deal with phone calls from relatives of patients. What exactly constitutes a violation of HIPAA privacy? Generally I give people status updates and vague information like "they are doing well" or "they're eating and participating well in therapy." It just seems like whole lot of it has to do with nursing judgement. When it comes to exact data like results of CT scan and labs, the general consensus of the floor I work on is to not give the information and to tell them to call the doctor. However, if the patient's relative over the phone already seems to know a considerable amount of information about the patient, I will be a little more than lenient to talk about the patients status. I remember having a meeting with an HIPAA rep, and walking right out of that meeting not knowing anymore than I did before.

Specializes in Geri - Edu - Infection Control - QAPI.

I agree! HIPAA has a lot of grey areas especially since consumers want their info now. I'm a Staff Development Nurse and do a lot of education around HIPAA.

I generally inform CNAs and non-management nurses to refer any inquiries to their supervisors. If a family member or friend gives you a hard time and the patient is alert and oriented, you can ask the patient. Let them know it is your responsibility to keep patient information protected.

My rule of thumb is to check the patient's medical record for listed contacts. Do not provide info to anyone who isn't listed. If someone who isn't listed calls, refer them to their family representative for info. That also helps you because you're not repeating yourself to 50 different family members.

I was even told during a HIPAA training if someone asks if John Doe is a patient, you can't answer unless they provide you with identification.

If your unit has an established means of determining who does and does not have permission to receive information, this all becomes very simple. Units that use passcodes seem to feel it is effective for the most part. Trying to pick a generic middle-of-the-road response that can be used routinely is not helping those who do have permission to receive more detailed information nor the patients for whom callers don't have permission. Everything hinges on whether permission is granted or not (or a reasonable NOK situation when permission can't be expressly given).

Half the things that nurses are told are HIPAA violations actually aren't; hospitals don't mind us being confused about the distinction between their own privacy practices (or wishful thinking!) and HIPAA. Case in point...

I was even told during a HIPAA training if someone asks if John Doe is a patient, you can't answer unless they provide you with identification.

I've heard people say things like this, too, and I don't get it. The correct information is just so very clear.

Answer

When I've been admitted to the hospital they ask if I want callers/visitors knowing I'm there and any updates. I say yes. If you say no, then they can't give any info without your permission.

Yeah, I always ask the patient if its okay to give the results to tests now if they're within capacity. I remember sometimes I would ask the relative to hold on the phone while I put the patient on the phone to confirm it was the right person. Thats when I was paranoid. I always check contacts as well.

+ Join the Discussion