TRS HEALTHCARE PROVIDER HIPAA TRAINING POLICY
Purpose: The TRS Healthcare Provider will be knowledgeable about HIPAA and the information that the Privacy Rules protects.
HIPAA –The American Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides federal protections for individually identifiable health information held by covered entities and their business associates. HIPAA give patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. These rules apply to “covered entities” including AmediStaf, L.L.C.,and The Right Solutions.
HITECH – The Health Information Technology for Economic and Clinical Health Act expands the obligations of health care providers to protect patients’ protected health information. Business associates are separately and directly liable for violations of these rules.
PHI – Protected Health Information includes any information about health status, provision of health care, or payment for healthcare that can be linked to a specific individual.
- Can a provider in a healthcare organization use an electronic database to access the medical record of patient who was seen by another provider in the organization? Yes, as long as the provider will be treating that patient or is assisting another provider with the coordination of the patient’s care.
- If a healthcare professional describes a patient on a social media site with sufficient detail to be identified, would this be a HIPAA violation? Yes, this would be considered a breach of patient confidentiality or privacy.
- A healthcare professional discloses private information about a patient to one intended recipient. Could this be considered a breach of confidentiality? Yes, this too is a breach of confidentiality and patient privacy.
- During shift report, the healthcare provider communicates the name, diagnosis, treatment plan, and current medications to the oncoming healthcare provider who is to care for the specific patient. This would not be a HIPAA violation as that provider has a reason to know the patient’s health information.
- A healthcare professional is working with a pediatric patient and is “entertaining” him with her cell phone and takes his picture. She later shares this picture with her clinical group telling them about his diagnosis, room number, etc. HIPAA and nurse practice act standards are compromised by these actions.
- A healthcare professional submitted information to a local newspaper’s online chat room containing information about the patient she cared for that day. As it was a small town and information was released that could identify the patient, this was a violation of patient confidentiality.
A healthcare professional should be careful to avoid accidental or unintentional sharing of protected health information with anyone other than those who have a “need to know”.
All policies and procedures for maintaining the confidentiality and security of printed or electronic protected health information should be followed.
Healthcare professionals who violate HIPAA or patient confidentiality standards are subject to disciplinary actions by their licensing agency including a reprimand or sanction, assessment of a monetary fine, or temporary or permanent loss of licensure. Such violations may also result in civil and criminal penalties, including fines and possible jail time.
2017 National Patient Safety Goals and Requirements
Goal 1: Improve the accuracy of patient identification.
- Use at least two patient identifiers when providing care, treatment or services
- Eliminate transfusion errors related to patient misidentification
Goal 2: Improve the effectiveness of communication among caregivers.
- Report critical results of tests and diagnostic procedures on a timely basis.
Goal 3: Improve the safety of using medications.
- Label all medications, medication containers (for example, syringes, medicine cups, basins), or other solutions on and off the sterile field in perioperative and other procedural settings.
- Reduce the likelihood of patient harm associated with the use of anticoagulant therapy.
- Maintain and communicate accurate patient medication information
Goal 6: Reduce harm associated with clinical alarm systems.
- Improve the safety of clinical alarm systems.
Goal 7: Reduce the risk of health care-associated infections.
- Comply with current Centers for Disease Control and Prevention (CDC) hand hygiene guidelines or World Health Organization (WHO) Hand Hygiene Guidelines.
- Implement evidence-based practices to prevent health care-associated infections due to multidrug-resistant organisms in acute care and critical care access hospitals
- Implement evidence-based practices to prevent central line-associated bloodstream infections.
- Implement evidence-based practices for preventing surgical site infections.
- Implement evidence-based practices to prevent indwelling catheter-associated urinary tract infections
Goal 9: Reduce the Risk of Patient Harm resulting from falls.
- Reduce the risk of falls
Goal 14: Prevent Health Care-Associated pressure ulcers (decubitus ulcers)
- Assess and periodically reassess each resident’s risk for developing a pressure ulcer and take action to address and identified risks.
Goal 15: Identify Individuals at Risk for Suicide.
- Identify patients at risk for suicide.
Universal Protocol: Wrong site, wrong procedure, wrong person surgery can be prevented.
- Conduct a preprocedure verification process
- Mark the procedure site
- A time-out is performed before the procedure