The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is perhaps best known for protecting consumers' health insurance coverage after job changes. However, the law has a broader scope addressing public concerns about the use and abuse of protected health information (PHI) by insurance companies and other involved third parties. HIPAA also provides protection for the privacy and security of patients' health information and mandates significant modifications to the way in which providers handle the submission of claims and other related transactions, with particular attention to electronic communications. Compliance with these new standards is legislatively mandated, and healthcare providers labeled as "covered entities" (CEs) who are affected by the legislation must be in compliance by April 14, 2003.
The advent of HIPAA and the attention now being given to the privacy and security of identifiable health information is changing the standards of how identifiable health information is handled. Healthcare providers must ensure the protection of protected health information from inadvertent and deliberate misuse and disclosure. HIPAA standards determine what information is protected by privacy standards and what restrictions are placed on using and disclosing health information. When a healthcare entity releases information, it should be limited to the minimum necessary to achieve the purpose of the disclosure. A minimum standard for release of information should include who needs to know, what they need to know, and how they will be informed. The policies for minimum necessary may differ in each healthcare setting. The main components of the law of interest to nurses are those of security, privacy, individual rights, and transaction standards.
SECURITY
HIPAA establishes how covered entities interact with patient information. Data security is a top priority for healthcare information. Security standards under HIPAA are closely related to the privacy standards and include such issues as electronic signatures, the safeguard of data integrity, confidentiality, and access to information. The primary focus of security measures is data integrity with backup procedures and proper control of access with passwords and encryption. Security programs must be monitored, and a security officer must be designated. Healthcare facilities must develop policies related to access and restrictions to healthcare information and protection of the integrity of electronic data. Access to and transmission of clinical information over the Internet requires strict, state-of-the-art security measures.
Access to both hardware and software must be controlled through tracking the location of entry devices and access to them; back-up systems; data storage; password protection; access to computer screens; backup and recovery; protection of systems from natural or manmade disasters, i.e. terrorist events; and protection from hackers and viruses. The control/security program in each facility must also include e-mail and faxes.
What is the everyday reality to the nurse? If you work in any environment where you use computer technology that contains PHI, you will see some effects of HIPAA regulations. Many of the privacy provisions will be second nature to nurses, who have long been aware that they cannot divulge patient information freely. Some late entries into the caregiver role, such as patient care assistants, may not have learned to be so vigilant in their preparatory programs. Nurse managers will be called upon to ensure that their employees are not sharing computer IDs. Staff nurses who are charged with the responsibility of overseeing technical personnel or agency staffers may need to be involved in issuing and changing temporary passwords. Computer screens in nursing stations or that are readily visible to non-staff members will need placement changes to protect PHI from readily being viewed. Short screen saver times and screen saver passwords may be necessary, depending on the setting.
PRIVACY
HIPAA privacy regulations are complex and extensive and require that facilities develop plans that ensure compliance in their setting. HIPAA mandates the development of and compliance with privacy regulations covering PHI and the electronic transmission of health information. Information subject to HIPAA regulation includes personal health information for health plans, health clearinghouses, and healthcare providers. This includes claims, claim status, encounter information, enrollment information, eligibility information, coordination of benefits, and payment/remittance advice. Patients have control over the use of their health information, have rights to information on the disclosure policies of healthcare providers, may review and request amendments to their medical information, and may limit the scope of data disclosed to other healthcare providers.
The HIPAA impact on nursing is hardest to define for the standards of privacy. It will differ depending on the healthcare setting. Many modern privacy myths have surfaced. Is it true that in a doctor's office there can be no patient sign-in sheet and that patients' names cannot be called aloud? No, it is not. Reasonable precautions must be taken. In that physician's office, for example, charts left in the rack outside the exam room to facilitate the physician in treatment of the patient might be turned to the wall. Other patients being escorted to an exam room would not then have access to another patient's information. In the hospital or nursing home, a medication or treatment book left on the cart in the hall could be covered with a simple piece of cardboard to prevent passing eyes from seeing the contents of the record.