The Health Insurance Portability and Accountability Act, or HIPAA, was instituted by the United States government in 1996 to provide a set of federal regulations governing how individuals' medical records can be used. This article provides information on HIPAA for nurses to keep in mind as they go about their day-to-day duties.
At the most basic level, these regulations protect the privacy of patients, and require that medical facilities get patient consent to use their identifiable health records except in the following cases:
1) Treatment: For the average nurse, this simply means that you can only look at records for those patients who are under your care. For instance, you are not allowed to access the records of someone you know if that person is not in your care. In many cases, it also means that you may not discuss a patient's condition with anyone else without the patient's consent. This may be a factor to consider if you need to call a patient at home or mail something to that individual.
2) Payment: A patient's health insurer has the right to request any records it needs to evaluate and pay a patient's insurance claim. While specific information is always sent to the insurer to process a claim, the insurer may also request additional records that may be related to the initial claim.
3) Operations: Every health care facility evaluates its operations, and is allowed to use its own patient records to do so within certain limitations.
What do the HIPAA regulations mean for you, as a nurse, in your everyday work life? First, your employer may offer a training program so you can understand how your facility approaches the HIPAA regulations. Next, it means that you will most likely be working on secure computers, and it is your responsibility to ensure that your computer screen is not easily seen by other patients. Also, always make sure to log off or lock the computer when you are not using it. HIPAA for nurses also requires that you use discretion when discussing your patients.
The HIPAA Privacy Rule is enforced by the U.S. Office of Civil Rights, and privacy breaches are punishable by civil fines. This is an important point, because, if you misuse patient information, you may be personally fined. All facilities that are subject to these regulations are required to keep a record of how each patient's information has been used, and they should be able to give a list, if requested, of all instances that a patient's file has been accessed or shared. These facilities are also required to report breaches to the governing agency.
The HIPAA regulations should not be a source of intimidation for nurses. You should remember that you, as a patient, are also protected by this law. If you would like to learn more about the HIPAA Privacy Rule, you can visit the website of the U.S. Department of Health and Human Services. Also, keep in mind that the regulations differ for research, so if you are interested in pursuing a career in research, you can review those regulations at the website for the National Institutes of Health.
Photo Source: Flickr