• E-mail
• Print
• RSS

Tip: Convey these five key points about HIPAA privacy to your staff

HIPAA Weekly Advisor, June 12, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

April 14 has come and gone, but privacy compliance efforts are far from over. Many facilities will continue to develop and update related policies and procedures, as well as train staff, as they find new compliance issues.

Since the privacy rule's April 14 compliance date, many issues have arisen, says Sue Dill, RN, MSN, JD, privacy officer and vice president of legal services at Memorial Hospital of Union County in Marysville, OH.

Dill recommends stressing the following five key points when training staff:

1. Patients have a right to opt out of the facility directory
"We don't expect this to happen very often, but staff need to follow the appropriate policies and procedures," says Dill. "Staff should assume that every patient has opted out of the facility directory and then check."

2. Staff must understand policies and procedures
Facilities had to train staff on privacy-related policies and procedures by April 14. "But when you give them an entire book, they don't remember," says Dill. "They had a lot of training, so you need to go back and revisit."

Memorial Hospital is now going to provide additional training on policies and procedures and offer summaries of policies to staff, she says. "People don't really know what's in there. Do psychiatrists know when they can deny patient access to PHI?"

Policies and procedures may also need to be changed or updated, says Dill. "Do a post-HIPAA analysis of policies and procedures. And don't wait two or three years to make sure policies and procedures are working. Put a team together in six months."

3. Documentation is key
Train staff to document everything, says Dill.

Documentation will help staff keep track of friends and family involved in a patient's care. "Document whether a patient's daughter has been helping with wound care," she says. "If she then calls and asks for information, staff will know they can give it to her."

4. Always use professional judgment and common sense
Protecting patients' privacy should not disrupt patient care, says Dill. Sometimes staff members are so nervous about violating HIPAA they don't release information to people who are entitled to it, she says.

"That's a violation, too, because patients have a right to access their information."

Staff must use professional judgment when patients don't have the opportunity to make decisions on their own. "A lot of people, especially emergency department nurses, didn't really get training or understand this," says Dill. "If you have a gang shooting and the patient is unconscious, he or she won't be able to opt out of the facility directory. But you have to use professional judgment and be smart enough to make that decision."

5. Authorizations must be HIPAA-compliant
"When we wrote our policy on patient authorizations, we gave staff a separate sheet that listed what an authorization should include," says Dill. "It lists core elements. Staff can use the checklist when they receive authorizations from outside the hospital."

Editor's note: From the June 2003 issue of Briefings on HIPAA. See the June issue for Memorial Hospital of Union County's checklist for determining whether an authorization form is valid.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive