Published Oct 24, 2010
Paulieg69
6 Posts
I work on a med-surge ward where rooms hold 1-4 patients. There is a recent push for bedside report, but resistant nurses claim that it is a HIPAA violation if bedside report is given when roomates are present. My argument was how 2 patient identifiers are accomplished since these meet the same criteria as protected data. The struggle continues. Can anyone out there help?
JenJen82084
34 Posts
Bedside report in a roomful of other patients IS a violation of HIPAA guidelines because it gives detailed information about a patient's diagnosis, treatment, and plan of care while it is linked to a specific patient name. I can understand your concern that even obtaining patient identifiers while giving meds and performing bedside procedures could be a violation of HIPAA, but since it is a name only and nothing else, it is acceptable in a room with many patients. I personally do not prefer giving bedside report even when the patient has a private room. There might be certain things you need to clue the oncoming nurse in about the patient's behavior or overbearing family that should not be discussed in front of the patient. I am interested to know why your unit is pushing to do this?
tyvin, BSN, RN
1,620 Posts
The last two places I worked at we did bedside report or what we called it was walking rounds. I prefer this to the traditional report. As far as disclosing any confidential info to others in the room you must use your discretion and develop a style.
Many oppose this as I did when I first had to do it but after awhile I really began to prefer it. Don't be too hard on it; give it a chance, you might be surprised.
PatricksRNMommy
89 Posts
Just being devil's advocate here, but then wouldn't almost any contact with that patient be a HIPPA violation if you are discussing with them their plan of care, ordered med/treatments, diagnosis, medical history, etc....?
j621d
223 Posts
"Bedside" report doesn't mean you are literally at the bedside (maybe in some institutions it is). Use your nursing judgement! Outside the room, away from big ears, will be appropriate in some situations. In others giving report literally at the bedside may be appropriate. Some patients will want to be more involved in their care, and giving report bedside may be part of the healing process for the patient. On the other hand, some patients may not understand the information and for them, it would not be appropriate.
OttawaRPN
451 Posts
One of my hospitals recently implemented bedside reporting in an attempt to increase patient satisfaction as presumably patients were complaining of feeling "left out." They seem to have gotten around the obvious privacy and confidentiality infractions by having the outgoing nurses say "is it okay if I give report to your nurse here?" Patient gives consent, voila... no privacy violation. We're expected to draw the curtain, turn our backs to the other beds and speak in low hushed tones... However, unlike the nurses, patients aren't acutely aware that the walls are very thin, how far voices carry, and there's the silly illusion that a pulled curtain means NOTHING can penetrate it.
In theory, it looks good. In practice, it's been a nightmare: nurses not getting out on time, information getting missed, families p.o'd that nurses are rushed. I tried it, and I hate it, I hate it, I hate it. I want to flush it down the hopper.
mappers
437 Posts
It's not a HIPAA violation if you ask permission of the patient and they consent. If they don't consent, then you do it somewhere else.
We did it at my last hospital. At first I was reluctant, but after we got used to it, it was fine. Most patients liked it and it really didn't take longer than other reports.
NRSKarenRN, BSN, RN
10 Articles; 18,926 Posts
no it is not a hipaa violation when resonable precautions are taken:
a. outgoing shift asks permission of patient.
b. multiple family present: ask patient who may stay during report
c. close curtain between paitents and in quieter voice discuss plan of care including patient in discussions
d. sensative info discussed outside patients room in private area.
congressional research service ˜ the library of congress
medical records privacy: questions and answers on the hipaa final rule
what about incidental disclosures? incidental uses and disclosures of health information that occur as a result of a use or disclosure that is otherwise permitted by the privacy regulation are not considered violations of the rule, provided that the covered entity has met the reasonable safeguards and minimum necessary standards. examples of incidental uses and disclosures include patient sign-in sheets, bedside charts, and confidential conversations that are inadvertently overheard by others.
hhs.gov: hipaa regs
summary of the hipaa privacy rule
incidental use and disclosure. the privacy rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. a use or disclosure of this information that occurs as a result of, or as "incident to," an otherwise permitted use or disclosure is permitted as long as the covered entity has adopted reasonable safeguards as required by the privacy rule, and the information being shared was limited to the "minimum necessary," as required by the privacy rule.27 see additional guidance on incidental uses and disclosures.incidental uses and disclosures: how the rule worksgeneral provision. the privacy rule permits certain incidental uses and disclosures that occur as a by-product of another permissible or required use or disclosure, as long as the covered entity has applied reasonable safeguards and implemented the minimum necessary standard, where applicable, with respect to the primary use or disclosure. see 45 cfr 164.502(a)(1)(iii). an incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the rule. however, an incidental use or disclosure is not permitted if it is a by-product of an underlying use or disclosure which violates the privacy rule.reasonable safeguards. a covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the privacy rule, as well as that limit incidental uses or disclosures. see 45 cfr 164.530©. it is not expected that a covered entity's safeguards guarantee the privacy of protected health information from any and all potential risks. reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business. in implementing reasonable safeguards, covered entities should analyze their own needs and circumstances, such as the nature of the protected health information it holds, and assess the potential risks to patients' privacy. covered entities should also take into account the potential effects on patient care and may consider other issues, such as the financial and administrative burden of implementing particular safeguards.many health care providers and professionals have long made it a practice to ensure reasonable safeguards for individuals' health information - for instance:by speaking quietly when discussing a patient's condition with family members in a waiting room or other public area;by avoiding using patients' names in public hallways and elevators, and posting signs to remind employees to protect patient confidentiality;by isolating or locking file cabinets or records rooms; orby providing additional security, such as passwords, on computers maintaining personal information.
incidental use and disclosure. the privacy rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. a use or disclosure of this information that occurs as a result of, or as "incident to," an otherwise permitted use or disclosure is permitted as long as the covered entity has adopted reasonable safeguards as required by the privacy rule, and the information being shared was limited to the "minimum necessary," as required by the privacy rule.27 see additional guidance on incidental uses and disclosures.
incidental uses and disclosures: how the rule works
general provision. the privacy rule permits certain incidental uses and disclosures that occur as a by-product of another permissible or required use or disclosure, as long as the covered entity has applied reasonable safeguards and implemented the minimum necessary standard, where applicable, with respect to the primary use or disclosure. see 45 cfr 164.502(a)(1)(iii). an incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the rule. however, an incidental use or disclosure is not permitted if it is a by-product of an underlying use or disclosure which violates the privacy rule.
reasonable safeguards. a covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the privacy rule, as well as that limit incidental uses or disclosures. see 45 cfr 164.530©. it is not expected that a covered entity's safeguards guarantee the privacy of protected health information from any and all potential risks. reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business. in implementing reasonable safeguards, covered entities should analyze their own needs and circumstances, such as the nature of the protected health information it holds, and assess the potential risks to patients' privacy. covered entities should also take into account the potential effects on patient care and may consider other issues, such as the financial and administrative burden of implementing particular safeguards.
many health care providers and professionals have long made it a practice to ensure reasonable safeguards for individuals' health information - for instance:
articles:
d laws, s amato - rehabilitation nursing, 2010
incorporating bedside reporting into change-of-shift report
...the joint commission (2000) has identified communication failures during shift reports as a leading cause of sentinel events in the united states. providing adequate information during change-of-shift reporting is essential to promoting patient safety; however, information is often lost during traditional audiotaped reports. often times, repetitive and irrelevant information is passed on while key information is left out...
b grant, sh colello - nursing management, 2010
culture change through patient engagement
...if patients are to be involved in their plan of care, clearly they should be at the
center of the report. but when families or guests are present at the change of shift, nurses must
be careful to include only those the patient wants to include...
vanderbilt medical center checklist
pre - bedside report checklist bedside report guide 1. introduce ...
BittyBabyGrower, MSN, RN
1,823 Posts
They call it an "incidental" violation at our hospital and there is no consequence for it.
BabyLady, BSN, RN
2,300 Posts
If I was the patient, I would consider it a HIPAA violation because if another place exists that is reasonable to give report to, the patient's privacy should come first.
Since the law permits incidential disclosure and regulatory agencies like JC encouraging bedside reporting as a means of improved patient hand off and patient involvement in their own care, it's not a HIPAA violation.
I think you missed the part that the patient has to give verbal consent first. No consent = no bedside report.