Jump to content

HIPAA are there loop holes?

HIPAA   (6,217 Views | 16 Replies)
by pilotpn pilotpn (New) New

pilotpn has 1 years experience and specializes in Urgent Care.

868 Profile Views; 3 Posts

i just need some help understanding how things play out with hipaa. i'm a new grad and new hire. how do the hipaa policies differ or do they from urgent care walk ins, er, main campus hospitals?

main campus hospitals, usually the patient will stay long enough for a shift change/report so they are handed over to another nurse, i guess giving them the legal right to their information. er and walk ins, are they different when it comes to hipaa? a walk in visit is about an hour's stay, but you could have pending labs that won't result for 2-3 days requiring some one else to clear/note them. i have been in the er half a dozen times with my kids before i went into nursing and experienced this, triage nurse then md or pa and then another nurse doing the discharge.

discharging patients you did not treat. you see their medical information when putting together their discharge papers. does this fall under "policy and procedure of the hospital" giving you the right to see this info? when you are doing the discharge does that make you part of treatment by answering questions about meds or their diagnosis.

nurse notes on patients you did not treat. notes on labs mds have reviewed. the md didn't verbally tell me it was ok to look up that patient i didn't treat, but by dropping the signed final lab on the nurse's station desk, i'm suppose to add a note stating the labs have been reviewed. now legally if that patient found out i saw their medical and personal information without treating them would i be in violation? how would they find out? that's not the point.

change of plan of care that requires you to look up patient personal and medical history before contacting that patient. say you get a lab result back that states the patient is pos for beta strep and the md wants a new rx called in for them.

is this the way it is done everywhere and i'm just too green to have a clue? basically if all the aforementioned is not done it would take days for the right nurse to do everything for only the patients they treated.

i'm sure i'm gonna get a "welcome to nursing" from someone, but i would still like to have some feed back.

thanks

Share this post


Link to post
Share on other sites

Woodenpug is a BSN and specializes in MPCU.

734 Posts; 7,492 Profile Views

You are not violating hippa, if you need the information to perform your duties.

Share this post


Link to post
Share on other sites

Rikki's Number has 5 years experience and specializes in Emergency Room.

5 Posts; 4,264 Profile Views

Pilotpn,

First, thanks for spelling HIPAA correctly (a pet peeve of mine).

I used to be very involved in HIPAA regulations. All of the circumstances you describe fall under the "treatment" part of HIPAA Privacy. HIPAA is a sensible law. You are violating HIPAA privacy IF you access patient information for personal reasons, like being nosey about a patient. If you are doing your job, then having access to the patient's information is reasonable.

For example, if you are discharging a patient, even if the patient was cared for by another nurse, then of course you could see that patient's information. An example of what you could NOT do with that patient, is to go back and look up previous visits.

I hope this helps.

Share this post


Link to post
Share on other sites

Altra is a BSN, RN and specializes in Emergency & Trauma/Adult ICU.

6,255 Posts; 40,904 Profile Views

discharging patients you did not treat. you see their medical information when putting together their discharge papers. does this fall under "policy and procedure of the hospital" giving you the right to see this info? when you are doing the discharge does that make you part of treatment by answering questions about meds or their diagnosis.

yes. so there is no hipaa issue.

nurse notes on patients you did not treat. notes on labs mds have reviewed. the md didn't verbally tell me it was ok to look up that patient i didn't treat, but by dropping the signed final lab on the nurse's station desk, i'm suppose(d) to add a note stating the labs have been reviewed. now legally if that patient found out i saw their medical and personal information without treating them would i be in violation? how would they find out? that's not the point.

again, no hipaa issue.

change of plan of care that requires you to look up patient personal and medical history before contacting that patient. say you get a lab result back that states the patient is pos for beta strep and the md wants a new rx called in for them.

depends on the work flow where you work -- that patient's primary nurse might be the one to follow through and obtain the new rx -- or it might be whoever took the call. teamwork. ;)

is this the way it is done everywhere and i'm just too green to have a clue? basically if all the aforementioned is not done it would take days for the right nurse to do everything for only the patients they treated.

i'm sure i'm gonna get a "welcome to nursing" from someone, but i would still like to have some feed back.

thanks

i've highlighted the most important point in the last part of your post.

hipaa is drilled into your head in school with good reason: not only is it ethically wrong to inappropriately share medical information, it has also been legally interpreted in the us as a violation of that patient's civil rights and can be prosecuted as such.

having said that ... take a deep breath and think about practical reality. except in certain private duty/home health situations, it is impractical and illogical to assume an exclusive one-on-one relationship between a nurse and a patient that presumes that that nurse and only that nurse will have any part in the transmission of medical information about that patient. in any kind of instutional care setting, whether a hospital, ltc, or outpatient/office environment -- there is teamwork involved, and it does not mean that any privacy standard is being violated. ringing phones need to be answered. faxes need to be retrieved from the fax machine. pieces of paper need to be placed where they are supposed to be. if your eyes or ears have received information that needs to be acted upon or passed on ... you need to do it. this is not a legal loophole, just reality.

as you correctly point out ... not doing so would result in delays in treatment and very likely adverse outcomes.

hope this helps. :)

Edited by Altra
clarification

Share this post


Link to post
Share on other sites

Woodenpug is a BSN and specializes in MPCU.

734 Posts; 7,492 Profile Views

HIPAA

Share this post


Link to post
Share on other sites

KelRN215 has 10 years experience as a BSN, RN and specializes in Pedi.

1 Article; 7,344 Posts; 68,818 Profile Views

HIPAA is a federal law so, no, it's not different from department to department- the basic premises are the same but none of the situations you describe violate HIPAA. An example of a HIPAA violation would be if you saw that, for example, your neighbor was a patient in your ER and you clicked on his chart to see why he was there. If you are not his nurse, you have no reason to access his information. Or, if you went home and told your husband "I saw John in the ER at work today, I wonder what was wrong." You cannot even disclose that you know John was in the ER because you gained that knowledge through your position as an employee and you are obligated to protect patient confidentiality. If John sees you later in the week and tells you that he was in your ER earlier in the week, that's fine.

I have this argument with my mother on a regular basis... a patient cared for at my institution would be on the News for something or another and my mother will call me and say "I saw this thing on the news... was that patient on your floor?" I've told her time and time again to not ask me this. Or, someone that she knows knows a patient in my institution and she'll ask me a question like, "Suzy's daughter is in your hospital, did you see her?" Regardless of if I did or not, I cannot tell her.

Share this post


Link to post
Share on other sites

KelRN215 has 10 years experience as a BSN, RN and specializes in Pedi.

1 Article; 7,344 Posts; 68,818 Profile Views

Pilotpn,

First, thanks for spelling HIPAA correctly (a pet peeve of mine).

A huge pet peeve of mine too. I cringe every time I see HIPPA. It hurt a little to even write that. Even worse is JACHO.

Share this post


Link to post
Share on other sites

pilotpn has 1 years experience and specializes in Urgent Care.

3 Posts; 868 Profile Views

Thanks for the in depth replies, I feel a lot better. I do have to admit in writing the original post, I felt a little stupid because after thinking about it I started to answer my own questions, but there is nothing better than getting advice from seasoned professionals.

Share this post


Link to post
Share on other sites

merlee has 36 years experience.

1,246 Posts; 13,652 Profile Views

I am starting to get annoyed about the term 'seasoned'. I do that to food, or to wood. Maybe I am just getting old.

But HIPAA is another thing. The issue here is 'need to know'. If we just keep that in mind, then it should not be so hard to understand.

What do we need to know, and about whom. The main thing is - if it's not your patient, don't go looking up anything. And don't tell anybody outside anything about those you care for.

It's really rather simple.

Share this post


Link to post
Share on other sites

pilotpn has 1 years experience and specializes in Urgent Care.

3 Posts; 868 Profile Views

I agree, and as far as "seasoned" I'm no spring chicken, I guessed I should have used the word "experienced". This is my 3rd and final career.

Share this post


Link to post
Share on other sites

Rikki's Number has 5 years experience and specializes in Emergency Room.

5 Posts; 4,264 Profile Views

Thanks for the in depth replies, I feel a lot better. I do have to admit in writing the original post, I felt a little stupid because after thinking about it I started to answer my own questions, but there is nothing better than getting advice from seasoned professionals.

Pilotpn,

Don't sweat it. There is a whole industry out there that tries to make HIPAA seem like the tax law - too difficult for the average person to understand. Also, if yours is like most, your HIPAA officer comes up with ridiculous interpretations of what is under HIPAA. I easily see how people can get confused.

Share this post


Link to post
Share on other sites

Esme12 has 40 years experience as a ASN, BSN, RN and specializes in Critical Care, ED, Cath lab, CTPAC,Trauma.

6 Followers; 4 Articles; 20,908 Posts; 149,033 Profile Views

Pilotpn,

First, thanks for spelling HIPAA correctly (a pet peeve of mine).

I used to be very involved in HIPAA regulations. All of the circumstances you describe fall under the "treatment" part of HIPAA Privacy. HIPAA is a sensible law. You are violating HIPAA privacy IF you access patient information for personal reasons, like being nosey about a patient. If you are doing your job, then having access to the patient's information is reasonable.

For example, if you are discharging a patient, even if the patient was cared for by another nurse, then of course you could see that patient's information. An example of what you could NOT do with that patient, is to go back and look up previous visits.

I hope this helps.

Minimum Necessary Requirement

For uses of protected health information, the covered entity's policies and procedures must identify the persons or classes of persons within the covered entity who need access to the information to carry out their job duties, the categories or types of protected health information needed, and conditions appropriate to such access. For example, hospitals may implement policies that permit doctors, nurses, or others involved in treatment to have access to the entire medical record, as needed. Case-by-case review of each use is not required. Where the entire medical record is necessary, the covered entity's policies and procedures must state so explicitly and include a justification\

Summary of the HIPAA Privacy Rule

If you need to access that patients record to better care for them then it is not a HIPAA violation. Yes, you may access past records if it is needed inthe care of the patient today. For example. If you discharged a patient for another nurse who was seen for a sore throat and the culture comes back positive for strep you can go into the patients record to see if there are any allergies to any medicine or has been treated for it in the past and see what meds the patient is taking. What you can't do is ask the patient how's she's recovering from the pelvic infection from a year ago. That information is not needed to treat her present condition unless it is becasue of a bad reaction to antibiotics that you would need to know now. Great questions!!!!

By the way......Welcome to nursing!!! Congratulations!:loveya:

HIPAA FAQs

Summary of the HIPAA Privacy Rule

Share this post


Link to post
Share on other sites
×

This site uses cookies. By using this site, you consent to the placement of these cookies. Read our Privacy, Cookies, and Terms of Service Policies to learn more.