Published Feb 27, 2009
acceleratedstudent
12 Posts
Does anyone now of an article I can use in regards to HIPPA violations for patient identifiers. I am doing a change project and would like to incorporate patient identifier violations from HIPPA into my project.
Thanks
Rachel
Pierrette
76 Posts
A simple google of "HIPAA patient identifiers" gives results (below). Please note that HIPAA has only one "P".
I am presently a privacy officer. Just about anything can identify a patient.
HIPAA regulated Patient identifiers include:
* Account Numbers * Name(s) of relative(s) * Biometric identifiers * Names * Certificate/License numbers * Medical Record Number * Dates * Photographs and comparable images * Device identifiers * Postal Address * Email addresses * Social Security Number * Fax numbers * Telephone numbers * Health Plan Numbers * Vehicle identifiers including license plate numbers * IP address numbers * Web URL's * Any other unique identifying number, characteristic, or code
Thank you but let me clarify what I am trying to find out. I need to know what the specific hipaa violations are for patient identifiers and an article to back it up. I do know that it is a violation to have more than two patient identifiers (eg. name, DOB). So does anyone know where I can find an article supporting this?
mudd68
82 Posts
I am not clear on what you need. Having the 2 is not the problem. But if you identify your pt in the hallway around 3 visitors using even one identifier, it is a violation. Can you clarify your request, again? sorry.
I have been searching on the HIPAA website for documentation on what are violations for patient identifiers but can not seem to come up with a specific document for this. I am doing a change project for the ICU and am redoing their white board that has all of the pt's, room#'s, and RN's assigned and need to prove they are not violating any HIPAA rules regarding patient identifiers. Please let me know if you need more clarification. Sorry for all of the confusion. :wink2:
wubbzy
54 Posts
When you find out what you want, please let me know. I am going after a doctor, pharmacist, and hospital for violating the federal HIPAA law with me! I'll be interested to know what you find out and so will my attorney. Thanks!
BabyLady, BSN, RN
2,300 Posts
The "two patient identifyers" is not true.
A date of birth isn't going to identify a patient without a name, however, it's unnecessary information...you only need to know the age of the patient, so birth year would be a better option.
A name alone, not coupled with anything, is the biggest identifier at all. It's best to only use first and last initials...when you start doing research projects from professional journals, this is very often how patients are referred to in articles.
Finding an article, I believe, is part of your assignment. You first need to understand what constitutes a HIPAA violation to start with...once you learn that, you'll find that articles are easy to find online.
What research have YOU done so far?
Thank you, but how did you find that out. I have been on the HIPAA website and found articles regarding privacy rules but nothing that is specific to patient identifiers?? This is where I am looking: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
can anyone please direct me in the right direction.
An important clarification is where the board is located. It is not a HIPAA violation to share information that is needed in patient care.
ALL the nurses of the unit need to know which patient is in which room, the primary diagnosis, the physician and their age b/c their primary nurse may not be immediately available in the event of an emergency. Anything more than that, is most likely, not necessary unless you are the nurse attending the patient.
If the board is in the nurses station where the public can view it, then nothing more than the room numbers and the RN assigned would be appropriate...nurses should be given handouts at report so they know who is where, physician, age, primary diagnosis with a policy that the papers are put in the shredder at the end of the shift.
An important clarification is where the board is located. It is not a HIPAA violation to share information that is needed in patient care.ALL the nurses of the unit need to know which patient is in which room, the primary diagnosis, the physician and their age b/c their primary nurse may not be immediately available in the event of an emergency. Anything more than that, is most likely, not necessary unless you are the nurse attending the patient.If the board is in the nurses station where the public can view it, then nothing more than the room numbers and the RN assigned would be appropriate...nurses should be given handouts at report so they know who is where, physician, age, primary diagnosis with a policy that the papers are put in the shredder at the end of the shift.
:bow:Thank you very much. Do you know of any book's, articles or other scholarly material where I may find more information on this topic to back this up. The books I have are not producing good information in this topic.
It is simply not a violation to use whiteboards. HIPAA does not intend to impede safe, effective healthcare. It simply tries to enforce the "minimum necessary". If it's necessary to use a whiteboard, and you can defend it, then it's okay. From my years of working with HIPAA and my understanding of the regs, putting "pt's, room#'s, and RN's assigned" on a whiteboard to aid in treatment (taking reasonable effort to avoid unnecessary disclosures) is perfectly fine and is not a violation. The HIPAA regulations do not address whiteboards directly. Thus, you are not likely to find something that is not there.
HIPAA privacy is a long, complex regulation. It is not easy to grasp the big picture without studying it a great amount. Be careful about the number of identifiers. Even one identifier could be a violation. "BabyLady" is giving good advice. She obviously has some HIPAA experience. I do disagree slightly about the birth date not being an identifier by itself.
I suspect you are not going to find any scholarly information, however, some links below say what I've read in the hundreds of pages HIPAA explanations. I hope this helps.
http://www.hcpro.com/HIM-227698-140/HIPAA-refresher-Faxing-PHI-retaining-patient-emails-using-whiteboards-and-more.html
http://www.hcpro.com/HOM-206714-1049/Recognize-common-HIPAA-myths-and-misconceptions-Whiteboards-storing-records-and-business-associates.html
http://74.125.77.132/search?q=cache:MXFfKZO1EQsJ:www.pihn.org/Newsletters/PIHNemailnewsletter0206.doc+hipaa+whiteboards&hl=en&ct=clnk&cd=6&gl=us&client=firefox-a
http://www.fepblue.org/mediaroom/hipaa/2008-03-hipaa-myths.html
http://www.omnisure.com/login%20area/Newsletters/HIPAA.pdf
http://iubonetumor.com/pdf/privacy.pdf
Like the other poster said...HIPAA regulations is long, however, you are most likely not going to find a hard core, concrete, step by step guide of every situations of what is acceptable versus what is not, because in healthcare, there are so many variations in situations.
I guess the way to answer your question is to say that there is a "spirit" to HIPAA regulations very similar to the "spirit" of the law...even though we have laws, ordinances, regulations that protect our society, you won't find a concrete guide to every human situation even in the law books...that is where things like case law, court decisions, "common practice" things like that take over....and also, why it changes from time to time.
HIPAA, is the same way.
If it's information that you NEED in order to provide good, safe, healthcare...then it's not a violation.
If it's information that isn't necessary, out of curiosity, to make things convenient that could easily be left out, then it probably is one.
Not sure if that helps or not.