HIPAA/CONFIDENTIALITY OF PATIENT INFORMATION AND USES:
The Health Insurance Portability and Accountability Act (HIPAA) signed into law in 1996 with the original intent of protecting health insurance information when workers changed or lost their jobs has impacted the way Personal Health Information is exchanged, compiled, stored and transmitted. The Cole Holland Training Center has a policy to protect Personal Health Information (PHI) of patients in facilities that students care for while on clinical rotation.
Students are to protect confidential PHI in the following manner:
- All Plans of Care, duties, cares activities, lab tests or results etc. or any forms containing patient identifying health information is never to be shared with anyone else, except those designated by the school or facility.
- No information regarding patient care, diagnosis, outcomes, location, payer source or any other identifying information can be divulged to any other person except those designated by the school or facility.
- At no time, shall any patient or information be removed from the facility for any reason.
- No discussion regarding patients either in person or over the phone is authorized except for discussions with appropriate representatives of the facility or the school. For example, it is appropriate to discuss patient health information with the supervising nurse at the facility or the clinical supervisor from the school, with a physician or with the Administrator. However discussing ANY identifying information with friends, spouses, friends, other clinical persons or other students is prohibited.
- All students must take and pass a HIPAA training module BEFORE engaging in direct patient care.
- Students who misuse PHI or disclose information regarding patients in violation of HIPAA will not be able to finish their clinical or externship program.
On April 14, 2003, the privacy protection provisions of the HIPAA legislation went into effect. These provisions include:
- Protection against the unauthorized disclosure of a patient’s “individually identifiable health information.”
- Each instance of unauthorized disclosure by a health care provider is punishable by fines ranging from $10,000 to $25,000.
- Each instance of intentional unauthorized disclosure is punishable by fines ranging from $100,000 to $250,000 and possible jail time for those who violate the provisions. The HIPAA Security Standard contains two sub parts that relate directly to data integrity, data access and mechanisms for handling data. These include: 45 CFR Part 142, § 142.308 (c). “Technical security services to guard data integrity, confidentiality and availability.” These are processes that protect information and control individual access to information. 45 CFR Part 142, § 142.308 (d). “Technical security mechanisms.” These are controls that prevent unauthorized access to information that is transmitted across an internal network or across the public Internet.
