What should the nurse do in this situation HIPAA ATI?

In this section of the NCLEX-RN examination, you will be expected to demonstrate your knowledge and skills of confidentiality and information security in order to:

• Assess staff member and client understanding of confidentiality requirements (e.g., HIPAA)
• Maintain client confidentiality and privacy
• Intervene appropriately when confidentiality has been breached by staff members

According to the United States Department of Health & Human Services, the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy Rule provides federal protections for individually identifiable health information and gives patients an array of rights with respect to that information.

At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes such as health insurance reimbursement and quality improvement activities.

The Security Rule of HIPAA has administrative, physical, and technical safeguards to insure the confidentiality, integrity, and availability of electronic protected health information. This rule relates to electronic information security as well as other forms of information.

Our nation's Health Insurance Portability and Accountability Act (HIPAA) protects the patients' rights to the privacy and confidentiality of all medical information, including written, oral electronic information, unless the client has expressly consented to it in writing.

The HIPAA Privacy Rule legally limits access to medical records and information to only those who have a NEED to know. Those who have the need to know have this need because they need some data and information about the patient so that they can perform some indirect or direct patient care. For example, nurses have a need to know information about the patient so that they can provide the patient with quality care. Dietitians have to need to know some information about the patient so that they can assess and plan care for the patient as based on their nutritional needs and status, and, those who provide indirect care, such as the director of nursing, the infection control nurse, the wound care nurse and the members of the quality assurance department, also have a need to know about patients and groups of patients so that they can perform their roles even though they are not providing any direct patient care to the patient. Others who have a need to know are health insurance companies and students including student nurses.

All nurses must be aware of the implications of and the possible consequences for violations relating to the Health Insurance Portability and Accountability Act and the HIPAA Privacy Rule.

Few nurses violate patient confidentiality intentionally. It is often momentary lacks of judgment that lead to these breaches so nurses must consciously think before they act or speak.

Nurses should never discuss patients with others who do not have the "need to know". They must protect and secure client written records and they must also secure electronic records by protecting and not sharing their password and logging off after each entry.

Other things that protect patient privacy and confidentiality include not responding to any telephone or email inquiries about patients unless the inquiring person states a unique identifier for the patient such as a secret code number or word. Lastly Facebook, and other forms of social media, and photos using a cell phone are strictly prohibited.

All healthcare facilities have regulations, policies and procedures related to confidentiality and accessing client records. All nurses, and other healthcare providers, have the responsibility to be knowledgeable about these regulations, policies and procedures and adhering to them at all times without any breaches.

Personal privacy, including privacy during visits and during conversations as well as when they are getting personal care such as hygiene must also be upheld and maintained.

Assessing Staff Members' and Client Understanding of Confidentiality Requirements

The best way to know whether or not staff members understand and apply the requirements associated with confidentiality and privacy is to observe the staff member as they perform their roles and uphold these rights.

For example:

• Are all staff members knowledgeable about the Health Insurance Portability and Accountability Act (HIPAA)?
• Is the staff member carrying on idle conversations in the cafeteria about patients?
• Is the staff member logging off the computer before leaving the screen unattended?
• Is the staff member securing medical records so that anyone without the need to know has no access to them?

Clients must also know their rights and the rights of others in terms of medical information. Nurses can identify a knowledge deficit in this area when a patient asks a nurse a question like "What is wrong with that patient who is always screaming out?" or a similar question. Nurses should inform this inquisitive patient that you cannot share any information with them that relates to other patients.

Intervening Appropriately When Confidentiality Has Been Breached by Staff Members

The registered nurse has the professional, ethical and legal responsibility to insure that all client rights, including the clients' rights to privacy and confidentiality, are upheld, supported and advocated for.

Whenever a nurse witnesses any breach of confidentiality and privacy including, but not limited to, any unauthorized access to medical records by those without the need to know, idle discussions that violate HIPAA regulations, a failure to log off the computer when done, and the lack of privacy during change of shift reports, the nurse must intervene immediately by correcting the situation and not allowing it to continue.

RELATED NCLEX-RN MANAGEMENT OF CARE CONTENT:

SEE – Management of Care Practice Test Questions

Alene Burke RN, MSN is a nationally recognized nursing educator. She began her work career as an elementary school teacher in New York City and later attended Queensborough Community College for her associate degree in nursing. She worked as a registered nurse in the critical care area of a local community hospital and, at this time, she was committed to become a nursing educator. She got her bachelor’s of science in nursing with Excelsior College, a part of the New York State University and immediately upon graduation she began graduate school at Adelphi University on Long Island, New York. She graduated Summa Cum Laude from Adelphi with a double masters degree in both Nursing Education and Nursing Administration and immediately began the PhD in nursing coursework at the same university. She has authored hundreds of courses for healthcare professionals including nurses, she serves as a nurse consultant for healthcare facilities and private corporations, she is also an approved provider of continuing education for nurses and other disciplines and has also served as a member of the American Nurses Association’s task force on competency and education for the nursing team members.

Latest posts by Alene Burke, RN, MSN (see all)

New nurse tips: HIPAA & Privacy. Adhering to patient privacy is a major rule we follow as nurses. When you are first starting out as a nurse, you may be confused on what you are allowed to share with others regarding your patient and who you can tell. In nursing school, you should have heard of HIPAA. I remember as a student hearing about it and would constantly hear the phrase “Oh, that’s a HIPAA violation” which meant to me that someone was breaking a rule and could get into trouble.

In this article, I am going to talk about:

What is HIPAA?

How nurses follow HIPAA on the job?

Certain situations you may encounter as a new nurse that may confuse you on “is this a HIPAA violation?”

Tips on how to make sure you are ensuring patient privacy

What in the world is HIPAA?

How do you ensure you follow it? HIPAA is short for “Health Insurance Portability and Accountability Act” and it has many parts to it. However, as nurses the part we are most concerned about is the privacy section. In a nutshell, as healthcare providers we must take precautions in protecting a patient’s healthcare information.

How do we follow HIPAA on the job?

There are many ways we do it, and the hospitals we work in have ways to help us do it. For instances, most facilities on each unit have shred bins where all patient information is shredded. I always stress to my students to never take home a nursing report sheet or any patient information at the end of their shift. Always shred it!

Another way is by always placing a patient’s chart in secure a location when not in use, turning off or locking our screens when charting electronically, not talking to other patients about a specific patient on the unit, and only releasing patient information to designated individuals etc.

Situations you may encounter that will test you on Patient Privacy

In nursing school, you are not really taught “real world” case scenarios on how to deal with protecting patient information. Quickly, as a new nurse you will be tested by family members, staff, and other people who have the intention of obtaining information about a patient, and as the nurse you will have to recognize this so you don’t violate patient privacy.

Let me explain:

Numerous times, especially as a new nurse, I would receive random phone calls or be approached by individuals claiming to be a family member or a “concerned” neighbor that wanted information on a patient. Some of these people were very clever and tried to use persuasive language to convince me that they were allowed access to the patient’s health record.

So, new nurses and nursing students, always be on guard and listen to your gut. Tip for handling this is to always give the same response of: “Sorry, but I cannot give that information out”, especially anytime you are in doubt.

Another occasion that absolutely shocked me was when I found a nurse from another floor snooping through a chart outside a patient’s room. When I approached the nurse and asked her what she was doing, she said “Oh, this is my brother.”

I immediately removed the chart from her possession and told her she was not allowed to violate her brother privacy by looking through his chart and that she wasn’t authorized to look at his information. She became disgruntled and scoffed at me and said “I work here”. It turns out she and her brother was estranged and she was being nosy.

So, remember to always be discerning.

How can you know if you are allowed to give out patient information to someone?

On admission, the patient will fill out a form (we call it a VIP form) that has listed individuals’ names that are allowed to receive patient information. These individuals are given a special code and when they call or approach you all they have to do is give you the code and provide proof of who they are and you can give that information out.

Now regarding staff, only the healthcare team members who are participating in a patient’s care are allowed to access information. However, they are only able to access patient’s information that helps them do their job.

Tips on How to Protect Patient Privacy

• Dispose of papers appropriately! Always shred any patient information; never dispose of it in a trash can. In addition, never take home patient information or store it in your work locker.
• Ask the patient! Anytime you are concerned about releasing any information about a patient to a family member or friend always ask the patient. Many times a patient by request will tell you to explain what is going on with their hospital stay to a family member or friend. In your are unable to ask the patient, don’t release any information.
• Always be on guard! Beware of people trying to “pull the wool” over your eyes and trick you into releasing information about a patient. If you are unsure or feel something isn’t right, simply decline to release any information until you investigate the matter further.
• Don’t be tempted to share information about an “interesting” patient to another nurse! If a nurse on your unit is not participating in caring for your patient, you can’t tell them “interesting” facts about your patient.

Video on HIPAA and Patient Privacy