(HIM) HIPAA, Continued
Minimum Necessary
What are the Minimum Necessary requirements? Use/disclosure of PHI is limited to the minimum amount of health information required to do the job.
It means the development of policies/practices for sharing health information.
Not all healthcare professionals need to have access to all components of the patient's health information. For example, the hospital engineer entering a patient's room to fix the television does not need to know the patient's diagnosis. If the patient were infectious, the only information the engineer would require is what protective equipment to wear.
Again, administrative safeguards play a vital role in the daily practices of Associates. Policies and procedures govern the practice and uphold the high standards of practice required when caring for people.
- Identify employees who regularly access PHI.
- Identify the types of PHI needed and the conditions for access.
- Grant only that access necessary to perform the job.
Hospitals limit the patient information that can be viewed by their Associates in many ways. The Information Technology Department can delineate who has access to what information by job title and/or position. For example, the Registered Nurse does not need access to patient charges or billing information.
Protections for Health Information
HIPAA has included in the Privacy Rules three important safeguards to protect health information. The first is physical safeguards. An example of this would be to have computer terminals located where unauthorized persons cannot view the screens.
A second important safeguard is technical safeguards. An example would be when employees are given their own unique password and are not to share it with anyone. If they do, it would be grounds for termination. Their password is their electronic signature.
The third safeguard is administrative. An example of an administrative safeguard would be for an organization to develop policies and procedures that reflect compliance with maintaining protected health information.
The Joint Commission Standards
Patient's Rights —
The hospital demonstrates respect for the following patient needs:
- Confidentiality
- Privacy
- Security
- Resolution of complaints
- Records and information are protected against LOSS, destruction, tampering, and UNAUTHORIZED ACCESS or use
According to The Joint Commission, all patients have rights, and it is vital that we as healthcare workers ensure their rights are upheld and protected. Patients have a right to have all information that they provide to the healthcare professional and institution kept confidential and private. The healthcare professional and institution must also ensure that patients' information is secured at all times and that any complaints patients have are resolved in a timely manner.
Faxing Guidelines
- Fax machines are located in non-public areas.
- Centralized fax machines: pick up information immediately.
- DO NOT FAX the following records/results:
  - HIV results
  - Alcohol abuse
  - Mental health
  - Substance abuse
  - Narcotic prescriptions
  - Child abuse
When you fax to outside offices:
- Check the transmission printout
- Verify that the correct number was dialed
Privacy
- No photographs or recordings of any type are to be taken of patients in the clinical setting.
- No cameras, palm pilots, cell phones, or any electronic devices with photography capabilities are permitted in the clinical environment.
Protect Your Patient!
The agencies that enforce the medical privacy regulations are the Office of Civil Rights and/or the Director of Health and Human Services.
It's your job to:
- Make sure patients know they have the right to see and copy their PHI
- Protect patient privacy and confidentiality
- Contact your hospital's privacy administrator for any privacy concerns
[CC BY 4.0] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION