HIPAA Scenarios
40 community-sourced questions and answers.
HIPAA's goal is to catch staff sharing patients' health information with those who do not need the information.
FALSE
One of the privileges of working in health care is that we have access to our family and friends' health information so we can find out when they have an illness.
FALSE
The goal of HIPAA is to protect confidential patient information from improper use or disclosure. If you see an apparent violation, you should report it to your instructor who will immediately assist you in contacting the Privacy Officer.
TRUE
We do not have a right to access anyone's health information including family members unless it is directly needed for the completion of our job responsibilities for a patient. If you accidentally see patient information that is not directly needed for you to perform your job, you cannot share that information with anyone else.
TRUE
Dr. Williams asks Sue, a nurse, to bring up his patient's lab results on the computer screen. Dr. Williams looks around and does not see any other staff or visitors in the area. He asks Sue to turn the monitor so he can see the chart. There is no other person around the desk when the screen is turned towards him. When Dr. Williams is finished, Sue turns the screen back around facing away from public view. Dr. Williams and Sue violated the patient's privacy by turning the screen and viewing the lab results.
FALSE
Julie is a nurse entering notes into a patient chart at the nurses' station where visitors come to ask questions. Jeff, another nurse, steps out of a patient's room and asks Julie for help. Julie leaves the chart open on the desk, then goes to assist Jeff in the patient's room. Q: Leaving the chart open on the desk when the nurse leaves the area is OK because she will be right back and trying to find her place would take too much time.
FALSE
Jennifer, a nurse, and Tom, a physical therapist, are eating lunch together in the cafeteria. They begin discussing a patient that they are both treating. The cafeteria is crowded and others around them can hear them referring to the patient's name and other confidential information. Q: They are violating the patient's privacy in this situation.
TRUE
An adult daughter of an elderly patient is present in the room when his doctor enters to speak with the patient about test results. The patient introduces his daughter to the doctor, and then asks the doctor if the test results are back. The doctor begins to explain the results to the patient. Q: The doctor violated the patient's privacy by talking about the test results with the daughter present in the room. True or False?
FALSE
In a Radiology waiting room, an x-ray technologist calls the next patient by name saying "Jane Smith, we are ready for you to get your sonogram now." Q: The x-ray technologist violated the patient's privacy by calling out her name and test to be performed.
TRUE
Non-Retaliation Policy
There should also be a policy in place to safeguard the rights of a person who, in good faith, reports a privacy violation. Action should not be taken against anyone who, in good faith:
- Exercises her or his rights, including filing a complaint.
- Contacts or sends a complaint to the Department of Health and Human Services.
- Testifies, assists, or participates in an investigation, compliance review, proceeding, or hearing.
- Believes that an act or practice is against the law.
The person reporting the violation must have a reason to believe that there is a problem and may not use or disclose
HIPAA Patient Rights
An Authorization is a form signed by the patient for the use and disclosure of specific PHI that are not related to treatment, payment, or health care operations. There are some uses and disclosures where an authorization is not required. When in doubt about what information is required to have a signed authorization for release, ask!
There are four key parts which work together to protect PHI. One of them is TECHNICAL SECURITY, which is...
the process to identify the access and type of information individuals may access and view on a computer.
There are four key parts which work together to protect PHI. One of them is PHYSICAL SECURITY, which is...
hands-on access to computer hardware, systems, areas, and buildings.
There are four key parts which work together to protect PHI. One of them is TECHNICAL SECURITY MECHANISMS, which is...
processes that automatically monitor systems activity and report suspicious activity.
There are four key parts which work together to protect PHI. One of them is ADMINISTRATIVE PROCEDURES, which is...
policies and procedures that define steps the facility will take to address the above.
Privacy rules
Identify what information is protected and define when and how that information may be used or disclosed.
Security rules
Applies to PHI that is sent electronically from one location to another. Security rules identify steps to take to secure PHI that is in electronic format. They also apply to PHI that may be used or stored by the facility.
PATIENT: My doctor needs to discuss my treatment with other doctors and nurses. But the Privacy Rule prohibits doctors and nurses from discussing private health information if there is a possibility that someone will overhear. What if my doctor needs to discuss my condition with a nurse at a busy nursing station, or with me over the phone from someplace other than a private office? The privacy rule prevents these discussions.
FALSE
PATIENT: The privacy rule will create a government database with all individuals' personal health information.
FALSE
PATIENT: The privacy rule prevents my pharmacist from filling my prescription before I show up and sign that consent. Now, instead of having the prescription waiting for me, I'll have to come to the pharmacy, sign a consent, and then wait around for hours while the prescription is filled.
TRUE
PATIENT: The privacy rule prevents a friend or family member from picking up prescriptions for me. Now I'll have to get out of my sick bed to get my medicine.
FALSE
PHYSICIAN: The privacy rule requires me to monitor the activities of my business associates.
FALSE
PHYSICIAN: The privacy rule prevents me from using a sign-in sheet so I can know when a patient has arrived. I can't even call out the names of patients in the waiting room when it's their turn for their appointment.
FALSE
HOSPITAL: The privacy rule prohibits semi-private rooms. With two patients in a room, there is no way to guarantee that one won't overhear health information about the other. Now I'll have to rebuild my facility to include only private rooms.
FALSE
HOSPITAL: The privacy rule allows doctors and nurses to see a patient's entire medical record, if I think they need it to do their jobs.
TRUE
PHYSICIAN: The privacy rule requires covered entities to purchase expensive computer equipment.
FALSE
INSURER: How are we supposed to do business under this Rule? It would prohibit doctors from faxing information to us, or to each other, or to their patients.
FALSE
INSURER: What happens when I am required to report information under state law? I assume that if some other law requires me to disclose health information, I won't have to do a big analysis under the privacy rule, or get caught in the middle because the privacy rule might not allow the disclosure?
TRUE
ANYONE: The Privacy Rule is delayed by the Administrative Simplification Compliance Act that was passed in December 2001.
FALSE
This law delays compliance with the Transaction and Code Set standards for covered entities that file a compliance plan. This law does not apply to the Privacy Rule. The compliance date for the Privacy Rule is still April 14, 2003. (April 14, 2004 for small health plans).
TRUE
PATIENT: The Privacy Rule requires my doctor to give my health information to researchers and the police (even if they don't have a warrant) and health plans, all they have to do is ask.
FALSE
PATIENT: When my family member comes to pick me up from the hospital, the doctor will still be able to explain my condition and tell him what to expect when I return home. Right?
TRUE
FAMILY MEMBER: The Privacy Rule would have prevented me from finding out information about my son in a hospital in New York on September 11.
FALSE
Nursing is never practiced in isolation. It is a collaborative team operation. As a result, there are many times when you will need to discuss patient information with colleagues. In doing so, remember you must:
- Only discuss information relevant to the patient's care.
- Only include those involved in the patient's care.
- Select an area that is as private as possible, and check the surroundings to ensure that no one who shouldn't will overhear confidential information.
Leave documents where the public can easily access them, even accidentally. Many of you may use visitors' lounges for conferences. Do not leave your papers or any medical record information where it can be seen by others.
FALSE
Do not leave documents where the public can easily access them, even accidentally. Many of you may use visitors' lounges for conferences. Do not leave your papers or any medical record information where it can be seen by others.
TRUE
When documents containing patient information are no longer needed, shred them or dispose of them in designated containers.
TRUE
Before you can release information about a patient, you must first confirm the identity of the person requesting information about the patient, whether in person, by phone, or in writing. What methods can be used to verify identity?
- A photo ID
- Information that only the patient would know, and which you can confirm, such as the patient's middle name
ALWAYS
Be aware of where you are, who is around you, and what information can be seen or heard. It may not be possible to ensure absolute privacy, but reasonable measures need to be taken to "minimize the chance of incidental disclosure to others."
DON'T
Browse through a patient's chart or other files out of curiosity. Access only the portions of the medical record you need to perform your specific role as a student nurse.