Knowledge Hub

Patient Privacy: A Definitive Guide for Nurses

Essential Information for Healthcare Professionals to Protect Patient Privacy Rights

Patient Privacy Rights in the US

As a nurse, you usually spend your day taking care of your patients, which includes working on their information.

You record patient information, review their medical histories, manage therapy, and administer the prescribed medication.

Experienced nurses are well aware that patient information is sacred and protected by federal law.

But it is crucial to review the patient privacy rights regularly and check if the hospital or clinic that you are working with is in compliance.

Moreover, new nurses are still not yet well-oriented with patient privacy.

The federal legislation that protects patient privacy rights in the US are written in legal jargon and a bit complicated that it is impossible for one person (unless he or she has legal background) to absorb and understand.

That's why Pulse Uniform created this definitive guide to help nurses (experienced and newbies) to understand patient privacy rights and prevent possible violations.

In general, nurses and other healthcare professionals have the legal duty to protect confidential information about patients unless required by law to disclose the information.

Patient Privacy Rights are Protected in the US Under HIPAA and HITECH

In general, nurses and other healthcare professionals have the legal duty to protect confidential information about patients unless required by law to disclose the information.

In 2015, the American Nurses Association (ANA) published a position statement that includes the following recommendations:

• The patient's right to privacy of individually identifiable health information, including genetic information, is established statutorily with specific exceptions.
• Individuals retain the right to decide to whom, and under what circumstances, their individually identifiable health information will be disclosed.
• Confidentiality protections should extend not only to health records, but also to other individually identifiable health information, including clinical research records, oral reporting, images and mental health therapy notes. This protection should be maintained in the treatment setting and in all other venues.

Important Federal Law in Protecting US Patient Rights: HIPAA & HITECH

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law in the US that mandated the establishment of federal standards to safeguard sensitive patient medical data from being disclosed without knowledge or consent.

The HIPAA Privacy Rule was issued by the US Department of Health and Human Services (HHS) to implement the requirements of the law.

Healthcare professionals must be familiar with the HIPAA Privacy Rule to protect how patient information is used while allowing the flow of medical information required to provide medical service.

The following types of individuals and organizations are considered covered entities under the HIPAA Privacy Rule:

• Healthcare Providers Includes doctors, nurses, healthcare associates, medical technologists, and other professionals regardless of size and practice
• Health Plans Organizations that process the settlement of medical care costs such as health insurance companies, health maintenance organizations (HMOs), dental insurers, and related entities.
• Business Associates Individuals or organizations who have access to health information needed to provide or perform activities, functions, or services for a covered entity. This includes billing, medical equipment usage review, data analysis, claims processing, etc.

Protected Information Under HIPAA Privacy Rule

The HIPAA Privacy Rule protects all health information that is “individually identifiable” in any form of media whether paper, electronic, or oral.

The following information are known as “protected health information” or PHI:

• The patient's past, present, or future mental or physical health or condition
• The provision of health care to the patient
• The past, present, or future payment for the provision of healthcare to the patient

In order to be identifiable, the information should be accessed with common identifiers such as patient name, address, social security number, birthday, etc.

The HITECH ACT

Another important US legislation that aims to protect patient private information is known as the HITECH Act, which is short for the Health Information Technology for Economic and Clinical Health.

The HITECH Act is an important provision of the American Recovery and Reinvestment Act of 2009 known as ARRA. It is created to encourage medical organizations to implement electronic health records (EHR).

While the HITECH Act primarily provides incentives for hospitals in digitizing their medical records, it also expanded the scope of security and privacy protections stipulated by HIPAA compliance.

With the HITECH Act, non-compliant healthcare organizations and covered individuals may have higher legal liability.

US Patient Privacy Rights Frequently Asked Questions (FAQs)

What are patient privacy rights?

Health care providers like doctors and nurses must comply with patient rights to:

• Access a copy of their health records
• Receive notice that will tell the patient how the information will be used and shared
• Give permission whether the health information can be used for specific purposes like marketing
• Have changes or corrections added to the health information
• Receive a report on when and why the patient health information was shared for specific purposes

As healthcare professionals, nurses and doctors also have the duty to educate the patients about their privacy rights and report any violation to the US Department of Health & Human Services.

Which common practice puts the nurse at liability for invasion of patient privacy?

One common practice that puts a lot of nurses at liability for invasion of patient privacy is through casual conversation.

For example, during patient care, a nurse revealed information about the patient to his friends who are in the room.

This is an invasion of patient privacy because the nurse has no permission to give out protected health information regardless if they are the patient's friends.

As a nurse how are you protecting the privacy rights of patients?

Healthcare professionals have the duty to protect health information about their patients unless legally mandated by law for disclosure.

Here are important pointers that nurses should bear in mind to prevent possible invasion of patient privacy:

• Read and adhere your workplace privacy policies in protecting patient health information
• Read and adhere the rules and regulations stipulated by HIPAA
• Be familiar about the nature and complexities of protected health information (PHI) such as when it can be shared, with whom it can be shared and how it can be shared. The following are common examples of PHI:
  • Demographic data
  • Health diagnosis and lab test results
  • Clinical information including treatment, medications, and procedures
  • Billing and payment details
  • Pictures
• Always focus on the welfare of your patient. If it could damage your patient in any form, don't disclose any information.
• Safeguard your records. Don't let patient charts, files, or documents to be accessible to the public.
• Follow safety protocols in discarding health information.
• Regularly consult with your Human Resource Office or HIPAA for any suspicious activities that could compromise patient information.

Can you post pictures of your patients on social media?

Multimedia such as pictures and videos are considered protected health information, so nurses should refrain themselves from taking photographs of their patients and sharing them on social media.

If you need to share any material on social networks, you need written permission from the patient, and if the patient is a minor, you should obtain such permission from the parents or legal guardian.

Can you share patient information to family or friends?

Under HIPAA, healthcare professionals such as doctors and nurses always protect the privacy of patient information.

Without patient objection, nurses may share relevant information with family members or friends who are involved in the patient healthcare.

Nurses can share health information via face to face, in writing or over the phone. Nurses can share the information if:

• The patient grants permission to share the information
• The patient is present and do not object sharing the information
• The patient is not present and the healthcare professional deems it necessary to share the information

For example, a nurse may explain the purpose of medications a patient prescribed with the friend who accompanied the patient. But if the patient objects, the nurse should discontinue and should excuse the friend.

But if the patient is unconscious or not capable of clear discernment, the nurse may choose to explain the importance of timely intake of certain medication to his or her friend.