Confidentiality

1
Confidentiality

• HIPAA

2
Confidentiality

• To put it simply, everything regarding patients
  is confidential, especially if it is in the
  patients chart.
• The rule of confidentiality is extended to
  everyone who has access to the chart.
• The patients record is a legal document and is
  not the place for stories, complaints or jokes

3
Confidentiality

• Willfully entering incorrect information into a
  patients record legally constitutes fraud and is
  a complete breach of professional ethics.
• Information therein should never be discussed in
  public
• Failure to follow these rules can lead to legal
  action for breach of confidence

4
AS YOU LEAVE WORK OR YOUR CLINIC.

• Follow this rule!
• What you see here
• What you say here
• What you learn here
• LET IT STAY HERE
• WHEN YOU LEAVE HERE

5
HIPAA

• Health Insurance Portability and Accountability
  Act

6
What is HIPAA?

• A federal law designed to protect health
  information
• Went into effect April 14, 2003
• Everyone who has access to a patients health
  information is required to follow rules related
  to sharing of that information.
• Non-compliance with the law can result in fines
  or criminal penalties.

7
Privacy RuleCause for Concern

• 1 in 5 American adults believes their personal
  medical information has
• been disclosed improperly
• Half of these people believe that it resulted in
  personal embarrassment or harm
• California HealthCare Foundation
• Survey conducted by Princeton Survey Research
  Associates, January, 1999

8
Privacy RuleCause for Concern

• 1 in 7 Americans has tried to keep their medical
  information confidential
• Withhold information
• Provide inaccurate information
• Doctor-hop
• Pay out-of-pocket for care
• Avoid care altogether
• California HealthCare Foundation
• Survey conducted by Princeton Survey Research
  Associates
• January 1999

9
Cause for Concern

• A hospital in Montana posted the psychiatric
  records of dozens of children on its public web
  site, where they remained until discovered by a
  newspaper reporter.
• In Jacksonville, FL, a woman brought her teenage
  daughter to work and left her unattended at a
  logged in computer. The girl looked up patient
  phone numbers, and phoned to tell them that
  theyd tested positive for HIV. One patient
  attempted suicide.
• In Miami, Florida, several hundred hospital
  workers browsed though the records of a famous
  patient who had recently come to the facility.

10
Civil/Criminal Penalties

• 25,000 for multiple violations of same standard
  in a calendar year
• 250,000 and/or imprisonment up to ten (10) years
  for use of PHI for commercial advantage, personal
  gain, or material harm

11
Permitted Disclosures

• Patient
• Personal Representative Examples
• Legal guardian
• Power of attorney
• Family, Relative, Next of Kin

12
Permitted Uses and Disclosures of PHI

• Permitted
• Treatment
• Payment
• Health Care Operations

13
Treatment

• Provision of health care by provider
• Coordination of health care among providers
• Referral of patient from one provider to another
• Coordination of health care or other services
  with 3rd parties if authorized by patient

14
Payment

• Determining coverage of health benefit claims
• Billing, claims management and medical data
  processing
• Review of health care services with respect to
  medical necessity, coverage, appropriateness
• Utilization review activities

15
Health Care Operations

• Quality assessment and improvement
• Legal services
• Evaluating performance of health care
  professionals
• Training future health care professionals
• General administrative functions

16
Patient Authorization

• Must get authorization for all other uses such
  as
• Marketing
• Clinical research
• Mental health
• Substance Abuse
• HIV
• Any others

17
Patient Rights

• Confidentiality of PHI
• Privacy Notice
• Request Restrictions
• Confidential Communications
• Access to Medical Record
• Accounting of Disclosures
• Amend/Correct Medical Record
• File a Complaint

18
What is Protected Health Information (PHI)?

• Individually identifiable information
• Health information
• Demographics
• ANY form or medium
• Oral
• Written
• Electronic

• Name
• Photograph
• Social security
• Finger prints
• Health status
• Admission date
• Diagnosis
• Medical record
• Address
• Birth date
• Telephone
• Fax
• Email

19
Suggestions

• IF you are unsure if disclosure of health
  information is permitted, it is best to get
  authorization from the patient first.
• Become familiar with your employers standard
  operating procedure related to HIPAA
• Become familiar with your employers privacy forms.

20
Patient Rights Confidentiality

• Confidentiality of PHI
• Never share PHI unless job related

21

• Internet Social Networking Sites such as My Space
  or Facebook etc

• Be careful not to mention any patient information
  on those sites
• Do not ask a patient to join your friends list

22
Patient Rights Confidentiality

• Confidentiality of PHI
• Access PHI on need to know basis
• Dispose of PHI confidentially

23
Patient Rights Confidentiality

• Telephone- Calls to Patients
• Appointment reminders
• Voice message
• Leaving information with family
• Check to see patient preference

24
Patient Rights Confidentiality

• Telephone- Calls from Family/Friends
• What can be shared
• Professional judgment
• Use Privacy Rule when uncomfortable

25
Patient Rights Confidentiality

• Security
• Walk through with critical eye
• Patient schedules
• Simple changes
• Reasonable
• Increased awareness

26
Patient Rights Confidentiality

• Faxing
• Pre-call
• Cover sheet
• Call if error occurs
• Disposal

27
Patient Rights Confidentiality

• Email
• Non-secure
• Patient consent
• Subject line
• Security regulations

28
Patient Rights Confidentiality

• Incidental Disclosures
• Calling out patients name
• Sign-in sheet
• Reasonable
• Limit where possible

29
Patient Opportunity toObject or Agree

• Disclosing PHI to family, friends, others
  assisting in patients care
• Patient present/conscious
• Verbal agreement
• Opportunity to object
• Use professional judgment

• Patient not present/unconscious
• Best interest of patient
• Relevant to persons involvement

30
Disclosure of PHI

• Must verify identity and authority before
  disclosing
• If not known to you require
• ID/badge
• Verbal affirmations
• Legal documentation
• Use professional judgment

31
Patient Rights Privacy Notice

• Patient has the right to receive a notice of
  privacy practices
• Given to every patient at first encounter
• One time document
• Acknowledgment form to be filed

32
Patient Rights Privacy Notice

• Notice describes
• How medical information is used and disclosed by
  covered entity
• Summary of patient rights
• Who to contact
• How to file a complaint and ask questions

33
Patient RightsRequest Restrictions

• Informal
• Ask caregiver to restrict what is told to others
• Caregiver uses professional judgment
• Inform patient of their decision
• Applies to current episode of care

• Formal
• Refer to Privacy Officer
• In writing
• 30 days

34
Patient RightsConfidential Communications

• Receive communication at alternate address
• No reason given
• Administratively reasonable

35
Patient RightsAccess to PHI

• Access or inspect their medical record
• View with staff present
• Obtain copies
• 30 days

36
Disclosures

• Permitted with no need for authorization from
  patient
• Required by law
• Public health activities
• Health oversight agencies
• Victim of abuse, neglect
• Law enforcement purposes
• Organ donation
• To avert serious threat to health or safety
• Specialized government functions
• Workers compensation

37
Patient RightsCorrections/Amendments

• Informal process Correct medical record
• For inaccurate information
• Use professional judgment

• Formal process Amend medical record
• In writing
• Determination based on circumstances

38
Patient RightsFile a Complaint

• Privacy Officer
• Secretary of Health and Human Services

39
Patient Rights Confidentiality

• Big Daddy, super sports star, was injured
  during a game and comes to your practice wanting
  to get some emergency dental work. All your
  friends are begging you to find out more
  information about what happened to Big Daddy.
  Your position gives you access to patient records
  and it would be easy to find out everything
  everyone is curious to know. Big Daddy won't
  know or care. He might even have be pleased to
  know that everyone is so concerned about him.
  Plus, some of the information will come out in
  the press in a few days anyway. What do you do?

40
Patient Rights Confidentiality

1. Sneak a peek at the chart but refuse to share any
   information with friends.
2. Sneak a peek at the chart on your own personal
   time and share only information that will become
   public anyway.
3. Explain to friends that a professional in any
   health care institution cannot look at patient
   records without a good reason to know the
   information for health care or billing purposes.
4. Explain to friends that the institution has an
   audit system that will track anyone who looks at
   the patients record and that you will lose your
   job unless you had a good reason to look at the
   chart.

41
Patient Rights Confidentiality

1. Sneak a peek at the chart but refuse to share any
   information with friends.
2. Sneak a peek at the chart on your own personal
   time and share only information that will become
   public anyway.
3. Explain to friends that a professional in any
   health care institution cannot look at patient
   records without a good reason to know the
   information for health care or billing purposes.
4. Explain to friends that the institution has an
   audit system that will track anyone who looks at
   the patients record and that you will lose your
   job unless you had a good reason to look at the
   chart.

42
Patient Rights Confidentiality

• You are a health care professional caring
  for Mr. Linn, a patient. Dr. Herra approaches
  you and asks to see Mr. Linns chart. She is not
  his physician but is his next door neighbor. I
  just want to know what he has so I can help, she
  explains. What do you do?
• Hand over the chart so she can help manage his
  care. Shes a doctor and knows what shes doing.
• Smile and ask, Do you have his permission?
• Hand over the chart and tell your supervisor what
  happened.
• Ask Dr. Herra to complete an acknowledgment
  releasing the medical record to her.

43
Patient Rights Confidentiality

• You are a health care professional caring
  for Mr. Linn, a patient. Dr. Herra approaches
  you and asks to see Mr. Linns chart. She is not
  his physician but is his next door neighbor. I
  just want to know what he has so I can help, she
  explains. What do you do?
• Hand over the chart so she can help manage his
  care. Shes a doctor and knows what shes doing.
• Smile and ask, Do you have his permission?
• Hand over the chart and tell your supervisor what
  happened.
• Ask Dr. Herra to complete an acknowledgment
  releasing the medical record to her.

44
Patient Rights Confidentiality

• You attend a weekly meeting where a list of
  patient names, medical record numbers and
  diagnoses are distributed for purposes of
  discussion. After everyone else leaves the
  meeting you notice that several copies of the
  patient list are still on the table. What do you
  do?

45
Patient Rights Confidentiality

• A. Toss them in the wastebasket to make sure the
  next group using the room doesnt see them.
• Alert the person who distributed the list to make
  sure the problem doesnt happen again.
• Pick up all the copies and dispose of them
  confidentially to make sure the information does
  not become public.
• Pick up all the copies, dispose of them
  confidentially, and raise the issue of privacy
  practices at the next meeting.

46
Patient Rights Confidentiality

• A. Toss them in the wastebasket to make sure the
  next group using the room doesnt see them.
• Alert the person who distributed the list to make
  sure the problem doesnt happen again.
• Pick up all the copies and dispose of them
  confidentially to make sure the information does
  not become public.
• Pick up all the copies, dispose of them
  confidentially, and raise the issue of privacy
  practices at the next meeting.

47

• Dr. Good is discussing a patients care with a
  nurse just outside the patients door. Another
  patient wandering in the halls hears what is
  being said. Dr. Good later discusses the case in
  the elevator with Dr. Timely. Everyone in the
  elevator hears the conversation. Has Dr. Good
  violated the privacy regulations?

48

• No, because the privacy regulations only cover
  written or electronic information.
• No, because the regulations allow health care
  providers to discuss anything they want, anywhere
  they want.
• Yes, conversations about a patient should occur
  only where there is no possibility of being
  overheard.
• Maybe. It depends on whether Dr. Good could
  reasonably have found more private times and
  places to discuss the case.

49

• No, because the privacy regulations only cover
  written or electronic information.
• No, because the regulations allow health care
  providers to discuss anything they want, anywhere
  they want.
• Yes, conversations about a patient should occur
  only where there is no possibility of being
  overheard.
• Maybe. It depends on whether Dr. Good could
  reasonably have found more private times and
  places to discuss the case.

50
Helpful Websites

• http//www.hhs.gov/ocr/newfaq
• OCR frequently asked questions
• http//privacy.med.miami.edu/index
• http//policies.uihc.uiowa.edu
• http//www.wedi.org/snip

51
QUESTIONS?