Question

what are your rights under HIPPA

Answer 1

As a nurse, you’re obligated to protect your patients’ privacy. Your commitment to keeping personal health information confidential isn’t only expected; it’s required by law. The most recent federal law governing patient privacy is the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which went into effect on April 14, 2003. HIPAA protects patient confidentiality by defining patients’ privacy rights, including who should have access to information about their condition, care, and payment for health care; what constitutes the patient’s right to confidentiality; and what constitutes inappropriate access to health records. HIPAA affects what you say to the patient’s family too. They also need the patient’s direct consent to learn anything about his care and condition; they don’t automatically have access to this information.

a number of simple ways nurses can help improve the security and privacy of patient information no matter what they are doing in the facility.

Situational awareness

The biggest adjustment that spans all tasks, facilities and responsibilities is improving situational awareness.

For nurses, discussing patient care is essential in most cases, and the potential exists for an individual’s health information to be disclosed incidentally. But as outlined in the incidental disclosure clause of the Privacy Rule, “certain incidental uses and disclosures of protected health information [are permitted] to occur when the covered entity has in place reasonable safeguards and minimum necessary policies and procedures to protect an individual’s privacy.”

This can include speaking quietly when discussing patient information with colleagues or a patient’s family, especially in a public area. It may also include using privacy filters on device screens to help protect patient information from being seen on a screen by a passersby glancing from a side-angle.

Document handling

Despite the huge increase in electronic health records, healthcare facilities still heavily rely on paper files. Whether it is printed lab results or information faxed over from a hospital or other provider organization, information exists in hard copy in a number of different situations.

Physical safeguards should not be overlooked when working toward HIPAA compliance.

When dealing with hard copy documents, papers or files shouldn’t be left lying at the nurse’s station. They should instead be stored in a secure drawer or file cabinet. Storage or record rooms also should be kept locked when unattended, and access should be limited to only essential and authorized personnel.

When a physical document is no longer needed for record purposes, nurses should properly dispose of it by shredding or placing in a locked bin to be shredded later.

Access to electronic systems

The digitization of medical records has the potential to improve the quality and efficiency of care for patients by making information more readily available to care providers. But it has also created significant challenges in helping keep information private and secure.

From desktop monitors at a nursing station to a laptop on a mobile cart to a tablet in an examination room, PHI is more accessible now in the form of EHRs and is displayed on exponentially more device screens.

This means the risk of data theft by visual hacking may have also increased. Defined as the viewing or capturing of sensitive or confidential information for unauthorized use, the threat of visual hacking will continue to increase as more and more information is collected and accessible in a digital format.

HIPAA states that healthcare providers must implement “physical measures, policies and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.”

It could include validating a person’s need to access certain information or include the use of privacy filters to help give organizations more flexibility to place devices in locations that maximize productivity while helping to protect sensitive information from side-angle views.

A Team Effort

There’s no doubt that nurses play a crucial role in protecting patients and their PHI. But the effort is not solely on these caregivers. All healthcare staff needs to commit to following security and privacy policies to help create the first line of defense in protecting confidential patient information.

Individual rights under HIPAA

Individuals have the right to

The right to receive a notice of privacy practices

Patients have the right to receive a notice explaining how a provider or health plan uses and discloses their health information.

Health care providers usually give patients this notice on their first visit and post it in the facility where patients may see it. Health plans (insurers) typically send their notices by mail after patient enrollment.

• Health care providers will ask patients to sign a form saying that they received a copy of the notice of privacy practices. The law does not require patients to sign this. However, signing does not waive a patient’s rights under HIPAA, and does not mean that the patient agrees with the privacy policy.

• If a patient refuses to sign, it does not prevent a health care provider from using or disclosing information in ways already permitted under HIPAA. A provider may not deny treatment if a patient refuses to sign an acknowledgement of having receive a notice of privacy practice

The right to access and request a copy of medical records

HIPAA gives patients the right to see and receive a copy of their medical records (not the original records).  

: To find out how to request access to a medical record, look at the notice of privacy practices. Patients can always request a copy of the notice, which should provide instructions for requesting records as well as contact information for asking questions or filing complaints.

• Patients have the right to access both paper and electronic records. An individual may request information in a specific format, and the covered entity must comply with the request if the data is readily producible.   If the data is not readily producible in the patient’s specified format, the covered entity and individual can agree on another format. If they can’t reach agreement, the covered entity will produce a hard copy.

For example, a patient might ask her doctor’s office to provide her records on an external portable storage device such as a USB drive. If the doctor’s office doesn’t agree to use the USB drive because it believes it is a security risk, the office and patient may reach agreement about another format. If they don’t agree, the doctor may provide a hard copy.

• patients want providers to send their health information to third parties such as another doctor, a relative, or an attorney. To do this, the patient should sign a request that clearly identifies which records to send, the designated person, and where to send the records.

he right to request an amendment to medical records

When patients access a medical record and find information they believe is inaccurate, they may file a written request that the record be corrected. The covered entity must respond to the request within 60 days. It may decide to take an additional 30 days, but must provide the individual with a written explanation for the delay and a date by which it will complete the action.

If the covered entity denies the request, it must provide the patient with the following information in writing:

• the basis for the denial (for example, the covered entity did not create the record, the information is not part of the designated record set, the individual is not allowed to access the record under another HIPAA provision, or the record is accurate and complete);
• that the individual has a right to submit a written statement disagreeing with the denial;
• that the individual may request that the covered entity provide the request for amendment and the denial with any future disclosures that pertain to the request; and
• how the individual may complain.