2.3.6: Confidentiality
Confidentiality means keeping what is supposed to be private, private. It means not disclosing (telling) other people who do not have a right to know information about the patient. Protecting a patient’s confidentiality means not sharing information with others (outside of the health care team) who the patient does not want to know the information. Home Health Aides/Personal Care Aides will come to know intimate details about their patient’s body and lives. They must take every step that they can to protect this privileged information. They have an ethical and a legal responsibility for protecting the privacy of their patient. A good rule of thumb to use before sharing patient information with members outside of the healthcare team is to ask :
- Does this person have a right to know this information?
- Did the patient give me permission to share information with this person?
- Would sharing this information be harmful to the patient?
- Would I want someone to know this information if it were me?”
Health Insurance Portability and Accountability Act (HIPAA)
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress. This law is designed to protect people’s privacy with regard to their health and health care. This law gives people rights over the medical information, including the right to receive a copy of their medical records, the right to correct incorrect information in their medical record, and the right to control who has access to their records. You can read more about privacy rights of HIPAA at the U.S. Department of Health and Human Services website: http://www.hhs.gov/ocr/privacy/hipaa/understanding/
Legal Ramifications for HIPAA Violations
If health care workers violate a patient’s privacy, they and/or their agency or the organization for which they work can be fined or imprisoned. The American Recovery and Reinvestment Act of 2009 established a penalty structure for HIPAA violations. Civil and criminal penalties can result if an individual health care worker and/or a health care agency does not comply with HIPAA.
According to the American Medical Association (n.d), fines can range from $100 per incident in a case where the worker was not aware of making a violation to $50,000 for violations which are willful (on purpose) and are not corrected within a specified time frame. Imprisonment sentences can range from one year to up to ten years. You can read more about specific fines for violations of HIPAA at: http://www.ama –assn.org/ama/pub/physician–resources/solutions–managing–your–practice/coding–billing–insurance/hipaahealth–insurance–portability–accountability–act/hipaa–violations–enforcement.page
Identify which of these scenarios is a HIPAA violation by indicating yes or no.
Telling your best friend to meet you at your patient’s house to go to lunch. ______
Telling your supervisor that your patient has a wound on their buttocks. ______
Calling the nurse while you are at your patient’s house to let her know the patient has run out of medications. ______
Telling your fellow co-worker details about your patient’s health care while you are at the movies. _______
Telling your patient’s son details about your patient’s health care after your patient told you not to. ______
- Answer
-
1. Yes
2. No
3. No
4. Yes
5. Yes
Feedback :
1. It is a HIPAA violation to tell your family and friends about a patient. Having them meet you at a patient’s house violates the patient’s privacy.
2. It is not a HIPAA violation to inform your supervisor about your patient’s condition. Any person who is part of the patient’s treatment team is allowed to have information about the patient in order to provide the best care.
3. It is not a HIPAA violation to call the nurse from your patient’s home as the nurse is part of the treatment team and is allowed access to patient information.
4. It is a HIPAA violation to talk about a patient with your co-workers in a public place. Other people who are not involved in the patient’s care can easily overhear your conversation. This would be a violation of the patient’s privacy.
5. It is a HIPAA violation to inform anyone about the details of your patient or their care, unless the patient has given you consent to do so. This includes family members. If a patient does not want a family member to know the details of their care, that is their choice and you must uphold their confidence and privacy.
Self-Check Activity M2-17
Identify which of these scenarios is a HIPAA violation by indicating yes or no.
Telling your best friend to meet you at your patient’s house to go to lunch. ______
Telling your supervisor that your patient has a wound on their buttocks. ______
Calling the nurse while you are at your patient’s house to let her know the patient has run out of medications. ______
Telling your fellow co-worker details about your patient’s health care while you are at the movies. _______
Telling your patient’s son details about your patient’s health care after your patient told you not to. ______
Check your answers!