I think what is lost here is that HIPAA exists to protect health
information privacy- not any and all information pertaining to the individual. If you pulled up in a van that said ABC home health agency, DEF respiratory supplies, or XYZ DME company, would this patient's neighbors know any more than they do now when you fill out the form as you are currently doing?
I would encourage you to further research the difference between PHI (Protected Health Information) and SPI (Sensitive Personal Information). SPI includes information such as date of birth, SSN#, etc- information we certainly don't want to share. Generally, only PHI is covered under HIPAA. SPI is typically protected under separate organizational policies.
According to the Department of Health and Human Services (http://www.hhs.gov/ocr/privacy/hipaa...ary/index.html
), information that cannot be shared due to HIPAA regulation must include one of the following:
- "the individual's past, present or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the individual"
Most importantly, I would encourage you to always provide the "minimum necessary" information to security. Remember, just because they ask on the form why you are there and what company you are there from doesn't mean you have to answer those questions. Family and friends likely visit these patients too, and they don't have to fill out those boxes to see the patient, so you likely don't have to either. If security does need further information, handing the security staff a business card should likely suffice- then they get the information that you are an RN from ABC home health agency, but that is not connected to the patient and listed on the same form as the patient's name. If you remain concerned, talk with your supervisor, to get his or her take on the matter.