Protecting Private Information: It’s Everyone’s Responsibility
By Julie Whiteside
Editor’s Note: The following article is reprinted from the July/August issue of HUC NEWS, Children’s Hospitals and Clinics’ Health Unit Coordinator newsletter. It was written specifically for Health Unit Coordinators but the concepts are universal.
How many times a day are we as health unit coordinators responsible for keeping information confidential? Think about a typical day in the life of a HUC. Let your mind drift back to the past, maybe yesterday. A coworker mentioned in the elevator that your favorite patient had coded and been sent to PICU. The elevator was crowded and you knew you should not be talking about it, but your coworker protested that he hadn’t mentioned any names.
You could tell the night shift had been busy when you arrived on the unit. The med room doors had been propped open and your computer terminal had been logged into but left unattended. Papers were scattered across the desk and Johnny Brown’s lab results were displayed on top. You cleaned up the desk and closed the med room doors.
The phone began ringing and your day was off to a running start. The first call was from a doctor’s office requesting information on a patient who had been on the unit last week. You knew that you could look up the information in the old chart on-line but you also knew that would not be appropriate, so you transferred the call down to medical records.
The second call was from Mary’s grandfather asking how she was doing. You saw by the board that Mary’s mom requested no information out. You transferred that call to the nurse who would check with Mary’s mom or have mom talk to the grandparent.
A visitor who was not wearing a badge arrived at the desk. He asked for Timmy’s room. You informed him of the hospital policy for badges and sent him to the welcome desk to get one.
A doctor wanted to get some lab results from another institution. You handed him an Authorization for Release of Information form to fill out and have the parent sign.
Someone answered the pneumatic tube but left the medication lying on the shelf beside the tube station. You put the med in the med room and informed the nurse that it was there.
Another parent asked how the patient who went down to PICU was doing. She had been talking to the patient’s mom just before the code was called. You directed her to PICU so that she could talk with the parents directly.
Finally it was time to go home and you saw one of your friends on the way to the car. She had read in the paper about the little boy hit by a car and wondered how he was doing. You told her that you couldn’t give out information on patients, but she was persistent. Even though you knew your friend was genuinely concerned, you repeated what you had said.
Confidentiality is a big part of our work. It is important that we follow the guidelines set down by the hospital. Do you know what Children’s policies are concerning confidentiality? Do you know where to find that policy on-line?
Another source for hospital confidentiality guidelines is the rules set down for us by HIPAA (Health Insurance Portability and Accountability Act). HIPAA is a law that was enacted in 1996. One of the things it did was to create national standards for protecting people’s medical records and other individual health information. It proposed stiff penalties for failures to follow those guidelines.
Everyone is responsible for patient information security. Be aware of where patient information can be found on your unit and how you can protect that information. Can you think of other places not listed in the scenarios above? Try answering the following questions to check your confidentiality IQ:
1. True or False: You can assume that your employer will take full responsibility for your actions on the job.
2. True or False: A 16-year-old emancipated minor has been admitted with PID. Mom is very worried about her child and wants to know what is wrong. It is OK to let mom see the chart.
3. True or False: The employee in the elevator scenario above did not breach confidentiality because he did not mention any names.
4. True or False: Making copies of a patient chart is standard policy for patients being transferred to another facility. If only a few pages are requested, it is all right for the unit coordinator to make the copies to save time.
5. True or False: HIPAA is a federal act that seeks to provide continuous insurance coverage and includes privacy rules.
6. True or False: Sharing computer passwords may be OK in some situations.
7. True or False: Faxing documents is a risk to confidentiality.
8. True or False: There are minimal consequences for failure to follow HIPAA guidelines.
9. True or False: Confidentiality must be maintained in all instances.
10. True or False: Leaving printed patient information out in the open may be a privacy violation.
Answers:
1. False. The employer may be responsible for the employee’s actions only if the employee is following the policies and procedures of the employer
2. False. The child is an emancipated minor and the parent cannot be given information unless the child agrees. The nurse may ask you to call a social worker to work with both the child and the parent in this situation.
3. False. Even if the name was not mentioned, confidentiality could have been breached by other information in the conversation.
4. False. According to Children’s policy #101.00, Confidentiality and Privacy, “All requests for release of information from the electronic or paper medical record should be referred to Data and Record Services.” Copying charts for transfer falls into this category.
5. True. This act was signed into law in 1996 and does provide national standards for all hospitals.
6. False. Sharing passwords can lead to unintended breaches in patient confidentiality and should not be shared
7. True. Persons who fax confidential documents should take precautions when dialing the phone number, and should verify that the appropriate party received the document. Materials containing a patient’s HIV status or other highly sensitive types of conditions should not be faxed except in rare situations.
8. False. If you fail to protect patient privacy, the HIPAA regulations state that you and/or your organization can be fined $100 per violation up to $25,000 per person per year for each requirement or prohibition violated. Criminal penalties may also be imposed, up to $250,000 in fines plus up to ten years of prison time.
9. False. Confidentiality can be countered when there is a public interest in others being protected from harm, such as in cases of child abuse or suspected cases of neglect. Some diseases like TB or SARS may need to be reported to proper authorities if they pose public safety risks.
10. True. Any practice that could lead to a breach of confidentiality may be considered a privacy violation.
Resources:
American Medical Association – Patient Confidentiality. http://www.ama-ssn.org/ama/pub/categoroy/4610.html
Braunack-Mayer A, Mulligan E. Sharing patient information between professionals: Confidentiality and Ethics. eMJA Medical Journal of Australia: 2003 178 (6): 277-279
CETL: Reusable Learning Objects www.rlo-cetl.ac.uk why do we need confidentiality?
CHEX course: HIPAA: Protecting Patient Information
Children’s Hospitals and Clinics of Minnesota: Organizational Policy and Procedure Manual –101.00 Confidentiality and Privacy
HIPAA Compliance Strategies: http://www.aishealth.com/Compliance/HIPAAResource.html
Kuhns D, Noonan Rice P, Winslow L. Health Unit Coordinator: A Guide for Certification Review and Job Readiness. Delmar Cengage, 2008.
Julie Whiteside, CHUC, is a Health Unit Coordinator on 6th Floor at Children’s.
|
