- Home
- » e-Newsletters
Ensure compliance in the long-term care setting
HIPAA Training Advisor, June 1, 2007
Staff-resident relationships pose a challenge
All covered entities face the task of HIPAA compliance. However, long-term care (LTC) facilities face special challenges that arise from staff members' close relationships with residents. Although these relationships are crucial to good patient care, they can pose difficulties when it comes to compliance.
"Long-term care is a totally different animal," says Peggy Presbyla, RHIA, CHP, health information management (HIM) director and privacy officer for James Square Health and Rehabilitation Centre in Syracuse, NY. "The part that gets a little difficult is that we get to know the resident so well. There's information the resident shares with the staff that might not even be part of the medical record. I have to constantly remind staff that if [residents are] sharing information with you, they trust you, and you can't share that information."
For example, Presbyla is aware of an incident at one facility in which a resident mentioned to a staff member that she had an adopted daughter. The staff member let the information slip to the daughter--who was crushed because she had no idea. But a more frequent problem occurs when residents confide in an aide about their aches and pains but don't want him or her to spread the information to other residents or staff members.
Common problems
This can be difficult because residents and staff members live and work together every day--sometimes for years--in a facility that becomes the residents' homes. So it's only human nature that staff members let their guard down. Staff members must carefully handle even seemingly innocuous situations to avoid violating HIPAA, such as making an announcement when a resident has a birthday.
In addition, family members who visit regularly might become close to staff members. In these cases, employees must be careful not to disclose information that residents don't want to share with family members. "It's quite easy when a staff member knows a visitor really well to go ahead and say, 'This is a good person', and we'll let them have access to the information when they really shouldn't," says Rebecca Herold, an information privacy, security, and compliance consultant.
To combat this problem, Presbyla and Herold recommend frequent training and reminders. It's often helpful to have staff members perform role-playing exercises in which they can practice responding to certain situations, Herold says. Include examples of problems that have occurred at similar facilities and provide tips for handling those sorts of incidents. In addition to frequent training, you can post reminders in newsletters, on bulletin boards, and on your facility's intranet.
Personal representatives
LTC facilities must also frequently deal with patients' personal representatives. This can be complicated because many patients don't have formal healthcare proxies that designate who can make decisions for them. So LTC facilities need to have a system in place to ask residents with whom they want staff members to share information and who they want making decisions. Staff members also need to know the limitations of those decision-making powers.
For example, a son may have a power of attorney that allows him to make financial decisions but not healthcare decisions. Or, the scope of the decision-making authority may be limited to specific issues, such as artificial life support. Staff members must clearly understand these complexities to ensure that they conduct business in accordance with the patient's wishes.
"It's easy to think that one person comes every day, so we can talk to him or her. But it may actually be the other child--who doesn't visit--who is the personal representative," says Herold. "A lot of [LTC facilities] are limited in staff and funds . . . Oftentimes, people fulfill multiple functions, and they may not understand what the issues really are. But facilities need to understand very clearly and have documented who is the personal representative."
Organizations must also have clear rules and procedures that outline who makes decisions when a patient is no longer competent to do so. "Just because someone is 83 years old doesn't mean they can't make their own decisions," Presbyla says. "We have to go to the resident first, then the son or daughter. The healthcare proxy doesn't go into effect until they can't make their own decisions anymore."
Other concerns
In addition to these considerations, also keep in mind that LTC facilities tend to be more open than hospitals because they are their residents' homes. Residents may wander the floors or go into each other's rooms to visit, and outside visitors may come and go as well. This regular activity poses additional security and privacy concerns.
For example, staff members should be careful not to leave PHI exposed on workstation desks or in patient rooms where passersby could see. They also must take special care not to discuss patients' PHI when other residents or visitors are around-which can be difficult because residents often like to sit around the nurse's station. Be sure to implement physical security measures (e.g., bins that hide charts or filters that hide computer screens).
Presbyla is now looking to provide rooms for physicians to do their dictation, rather than having them do it at the desk. It also helps to perform periodic walk-throughs and counsel staff members about potential problems. At James Square, staff members can use a form to report privacy problems anonymously, if they wish.
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- Capturing all necessary codes for IUD insertion and removal can be challenging
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- HIPAA Q&A: Level of encryption needed for email
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- What does case-mix index mean to you?
- Joint Commission Center announces handoff communication solutions
- Inside best practice: Reduce patient falls with a stoplight
- Identify modifiable risk factors to prevent patient falls
- Hospitalist-surgeon comanagement has no effect on outcomes
- HIPAA Q&A: Level of encryption needed for email
- Searched