Jump to content

HIPPA Violation with patient identifiers

Posted

Does anyone now of an article I can use in regards to HIPPA violations for patient identifiers. I am doing a change project and would like to incorporate patient identifier violations from HIPPA into my project.

Thanks

Rachel

A simple google of "HIPAA patient identifiers" gives results (below). Please note that HIPAA has only one "P".

I am presently a privacy officer. Just about anything can identify a patient.

HIPAA regulated Patient identifiers include:

* Account Numbers * Name(s) of relative(s) * Biometric identifiers * Names * Certificate/License numbers * Medical Record Number * Dates * Photographs and comparable images * Device identifiers * Postal Address * Email addresses * Social Security Number * Fax numbers * Telephone numbers * Health Plan Numbers * Vehicle identifiers including license plate numbers * IP address numbers * Web URL's * Any other unique identifying number, characteristic, or code

Thank you but let me clarify what I am trying to find out. I need to know what the specific hipaa violations are for patient identifiers and an article to back it up. I do know that it is a violation to have more than two patient identifiers (eg. name, DOB). So does anyone know where I can find an article supporting this?

mudd68

Specializes in LTC, Wounds, Med/Surg, Tele, Triage.

I am not clear on what you need. Having the 2 is not the problem. But if you identify your pt in the hallway around 3 visitors using even one identifier, it is a violation. Can you clarify your request, again? sorry.

I have been searching on the HIPAA website for documentation on what are violations for patient identifiers but can not seem to come up with a specific document for this. I am doing a change project for the ICU and am redoing their white board that has all of the pt's, room#'s, and RN's assigned and need to prove they are not violating any HIPAA rules regarding patient identifiers. Please let me know if you need more clarification. Sorry for all of the confusion. :wink2:

wubbzy

Specializes in ER, LTC, MDS, Hospice. Has 18 years experience.

When you find out what you want, please let me know. I am going after a doctor, pharmacist, and hospital for violating the federal HIPAA law with me! I'll be interested to know what you find out and so will my attorney. Thanks!

BabyLady, BSN, RN

Specializes in NICU, Post-partum.

Thank you but let me clarify what I am trying to find out. I need to know what the specific hipaa violations are for patient identifiers and an article to back it up. I do know that it is a violation to have more than two patient identifiers (eg. name, DOB). So does anyone know where I can find an article supporting this?

The "two patient identifyers" is not true.

A date of birth isn't going to identify a patient without a name, however, it's unnecessary information...you only need to know the age of the patient, so birth year would be a better option.

A name alone, not coupled with anything, is the biggest identifier at all. It's best to only use first and last initials...when you start doing research projects from professional journals, this is very often how patients are referred to in articles.

Finding an article, I believe, is part of your assignment. You first need to understand what constitutes a HIPAA violation to start with...once you learn that, you'll find that articles are easy to find online.

What research have YOU done so far?

BabyLady, BSN, RN

Specializes in NICU, Post-partum.

I have been searching on the HIPAA website for documentation on what are violations for patient identifiers but can not seem to come up with a specific document for this. I am doing a change project for the ICU and am redoing their white board that has all of the pt's, room#'s, and RN's assigned and need to prove they are not violating any HIPAA rules regarding patient identifiers. Please let me know if you need more clarification. Sorry for all of the confusion. :wink2:

An important clarification is where the board is located. It is not a HIPAA violation to share information that is needed in patient care.

ALL the nurses of the unit need to know which patient is in which room, the primary diagnosis, the physician and their age b/c their primary nurse may not be immediately available in the event of an emergency. Anything more than that, is most likely, not necessary unless you are the nurse attending the patient.

If the board is in the nurses station where the public can view it, then nothing more than the room numbers and the RN assigned would be appropriate...nurses should be given handouts at report so they know who is where, physician, age, primary diagnosis with a policy that the papers are put in the shredder at the end of the shift.

An important clarification is where the board is located. It is not a HIPAA violation to share information that is needed in patient care.

ALL the nurses of the unit need to know which patient is in which room, the primary diagnosis, the physician and their age b/c their primary nurse may not be immediately available in the event of an emergency. Anything more than that, is most likely, not necessary unless you are the nurse attending the patient.

If the board is in the nurses station where the public can view it, then nothing more than the room numbers and the RN assigned would be appropriate...nurses should be given handouts at report so they know who is where, physician, age, primary diagnosis with a policy that the papers are put in the shredder at the end of the shift.

:bow:Thank you very much. Do you know of any book's, articles or other scholarly material where I may find more information on this topic to back this up. The books I have are not producing good information in this topic.

It is simply not a violation to use whiteboards. HIPAA does not intend to impede safe, effective healthcare. It simply tries to enforce the "minimum necessary". If it's necessary to use a whiteboard, and you can defend it, then it's okay. From my years of working with HIPAA and my understanding of the regs, putting "pt's, room#'s, and RN's assigned" on a whiteboard to aid in treatment (taking reasonable effort to avoid unnecessary disclosures) is perfectly fine and is not a violation. The HIPAA regulations do not address whiteboards directly. Thus, you are not likely to find something that is not there.

HIPAA privacy is a long, complex regulation. It is not easy to grasp the big picture without studying it a great amount. Be careful about the number of identifiers. Even one identifier could be a violation. "BabyLady" is giving good advice. She obviously has some HIPAA experience. I do disagree slightly about the birth date not being an identifier by itself.

I suspect you are not going to find any scholarly information, however, some links below say what I've read in the hundreds of pages HIPAA explanations. I hope this helps.

http://www.hcpro.com/HIM-227698-140/HIPAA-refresher-Faxing-PHI-retaining-patient-emails-using-whiteboards-and-more.html

http://www.hcpro.com/HOM-206714-1049/Recognize-common-HIPAA-myths-and-misconceptions-Whiteboards-storing-records-and-business-associates.html

http://74.125.77.132/search?q=cache:MXFfKZO1EQsJ:www.pihn.org/Newsletters/PIHNemailnewsletter0206.doc+hipaa+whiteboards&hl=en&ct=clnk&cd=6&gl=us&client=firefox-a

http://www.fepblue.org/mediaroom/hipaa/2008-03-hipaa-myths.html

http://www.omnisure.com/login%20area/Newsletters/HIPAA.pdf

http://iubonetumor.com/pdf/privacy.pdf

BabyLady, BSN, RN

Specializes in NICU, Post-partum.

:bow:Thank you very much. Do you know of any book's, articles or other scholarly material where I may find more information on this topic to back this up. The books I have are not producing good information in this topic.

Like the other poster said...HIPAA regulations is long, however, you are most likely not going to find a hard core, concrete, step by step guide of every situations of what is acceptable versus what is not, because in healthcare, there are so many variations in situations.

I guess the way to answer your question is to say that there is a "spirit" to HIPAA regulations very similar to the "spirit" of the law...even though we have laws, ordinances, regulations that protect our society, you won't find a concrete guide to every human situation even in the law books...that is where things like case law, court decisions, "common practice" things like that take over....and also, why it changes from time to time.

HIPAA, is the same way.

If it's information that you NEED in order to provide good, safe, healthcare...then it's not a violation.

If it's information that isn't necessary, out of curiosity, to make things convenient that could easily be left out, then it probably is one.

Not sure if that helps or not.

dabearrn

Specializes in ICU, ER. Has 13 years experience.

Looks like to me a photo of a tumor on an OR tray would not be considered a HIPAA violation. That is what happened here a couple of days ago and one of the hospital administrators is having a hissy fit saying that they are going to be sued by the FBI for a HIPAA violation, and he want to fire everyone who was in the operating suite.

Guest
This topic is now closed to further replies.