What April 14 Will Bring
The Health Insurance Portability and Accountability Act (HIPAA), effective April 14, requires all health care organizations to implement new privacy standards protecting the confidentiality, privacy and integrity of individually identifiable health information.
This means that BWH patients will receive a privacy notice upon registration and will be asked to sign an acknowledgement of receipt of the notice. The privacy notice will inform patients of their new and expanded rights regarding their health information under HIPAA. Training is currently in the planning stages with all practices’ front desk staff to prepare them to respond appropriately to patients’ questions and concerns.
The mandate may result in increased requests on behalf of patients to access their health information; amend their existing medical record; restrict communication involving their medical information; request an accounting of disclosures; or place a complaint of a violation of their privacy.
is mandate, all BWH nurses are required to complete HIPAA training. The training will also help staff to identify what is considered a breach of patient confidentiality once HIPAA goes into effect. All of BWH’s workforce must be trained by April 14. If you are not certain how your role will change as a result of HIPAA, contact your nurse manager or other supervisor.
Although nurses and other staff may not perceive the following seemingly innocent mistakes as violations, the following are examples of breaches of patient privacy under HIPAA.
1. An employee checks the medical record of a friend or family member, in order to see how they are doing. NOTE: If you are not a direct caregiver, checking a medical record of a friend or family member is prohibited.
2. A staff member leaves patient identifiable information in public areas (at reception desk; computer screens that are visible in public areas). NOTE: Remember to log off computer once you access on-line patient information or click the yellow lock in the bottom right hand corner of the computer screen to invoke the screen saver.
3. A staff member, who does not have his/her hospital computer key/password or does not remember their computer key/password, uses a co-worker’s computer key/password in order to document the results of a bedside blood glucose test performed on the PCX glucometer. NOTE: This test will be listed as being performed by the staff member whose computer key/password was entered into the PCX device. If a question arose about this result, the person whose computer key/password was used, would be contacted, not the staff member who actually performed the test.
4. A staff member writes a specific diagnostic test next to a patient’s name on a communication board that is visible to visitors on a patient unit. NOTE: White boards with names of patients are permissible, but patient-specific diagnostic information violates patient privacy. A cover page (“BWH Protects Patient Privacy”) can be placed over diet order and phlebotomy lists on clipboards.
5. A staff member discards a copy of a patient’s lab test results in a waste basket in another patient’s room. NOTE: Patient information that is not being filed in a patient’s record should be destroyed appropriately (i.e. shredded) so that the information is not available to others who do not have a right to this information.
Have You Received Your HIPAA Privacy Training Yet?
If you have not yet completed HIPAA training and received your blue card as a result, consider attending one of the following or check with your manager about special trainings within your department.
The following will take place in the Bornstein Amphitheater. Attendees are advised to arrive 15 minutes prior to the start time in order to sign in.
March 25 • 2:30-3:30 p.m.
March 26 • 11:30 a.m.-12:30 p.m.
March 31 • 2:30-3:30 p.m.
Seating will be on a first-come basis; therefore it is imperative to arrive 15 minutes prior to all sessions for sign-in at the door.