Sign Up / Login
Nurses discussing a patient's records
Clinical Insights June 16, 2018

By Suzan Miller-Hoover DNP, RN, CCNS, CCRN-K

Need to Know: Protecting Patient Healthcare Information (PHI)

n 1996 the Health Insurance Portability and Accountability Act (HIPAA) was developed to protect patient's rights and confidentiality. In the ever-increasing world of technology, it is important to ensure that only those who need to know to have access to patient information.

HIPAA Was Enacted to Cover Three Specific Areas:

  1. Insurance portability or the ability to move to another employer and be certain that insurance coverage will not be denied
  2. Fraud enforcement and accountability
  3. Administrative simplification - guidelines for communication with other providers, families, friends, and the media

The overall intent of this act is to make it easier for the consumer to obtain seamless care, irrespective of the number of different providers they see; while still protecting the confidentiality and privacy of the patient. HIPAA provisions include all employees, such as nurses, pharmacists, physicians, and administrative, clerical, food service, and environmental services staff. The adherence to HIPAA policies also applies to volunteers and any other person under the facility’s direct supervision (HIPAA Survival Guide, 2018).

To resolve the issue that some of the largest breaches reported to Human and Health Services (HHS) have involved business associates, changes were made to the HIPAA law in 2013 to expand the HIPAA requirements to business associates such as contractors, outside laboratory or imaging services, baby photographers, and computer technicians among others (HHS, 2015).

Additionally, The 2013 Changes Include:

  • HIPAA guarantees patients’ rights to inspect their own medical records, correct errors, inquire who has access to their records, and seek penalties if their medical information has been used inappropriately.
  • Patients may also request an electronic copy of their medical record, and they have the right to state that their provider does not share information about their treatment if they pay cash for that treatment (HHS, 2015a).

So, what is PHI? PHI is any personal information transmitted and/or maintained in any form, including prescription records, billing information, patient profiles, and oral communications on the phone or during counseling. It is important to know that this information is protected in any form, be it written, electronic or verbal.

All patients must receive a copy of the Notice of Privacy Practices. The organization must also make a good faith effort to obtain a written acknowledgment that the patient received the Privacy Notice.

When Can PHI be Disclosed under HIPAA?

  • Treatment of the patient (e.g. consulting with other healthcare providers on diagnosis and treatment)
  • Obtaining payment from the patient’s health plan
  • Operational requirements (e.g. quality improvement activities or peer review)
  • Complying with legally mandated reporting or disclosure

The patient must provide consent or further authorize any other release of information for any other purpose.

Take-Home Message:

HIPAA demands and limits the use and disclosure of personal health information to a “minimum necessary” standard for any communications other than the purpose of treatment. This ensures that patient privacy will be protected by disclosing only the least amount of information necessary for another healthcare professional to perform their job. Thus, a Pharmacy Technician or Nursing Assistant (CNA) may need access to some information to allow them to fulfill their duties, but do not need access to full medical records.
For more information regarding what HIPAA means to you as a healthcare professional, review the RN.com course: An Overview of HIPAA for Healthcare Professionals.

Take The Course

References

HIPAA Survival Guide (2018). HITECH Act Summary

U.S. Department of Health and Human Services (HHS). (2015). HIPAA - General Information.

U.S. Department of Health and Human Services (2015a). Where can I find information about HIPAA, health information privacy or security rules? Guidance Materials for Consumer.

Must Reads

Red blood cells
Clinical Insights SEP 18, 2021
The Hematopoietic System

he hematopoietic system consists of organs and tissues, primarily the bone marrow, spleen, tonsils, and lymph nodes involved in the production of blood.

CBD oil
Clinical Insights JUL 06, 2020
Clearing the Confusion on CBD

CBD has gained a strong presence in the nutritional industry, and most likely your patients’ interest, and possibly their treatment regimen, leaving practitioners looking for clarity.

Health care professional and patient smiling
Clinical Insights AUG 13, 2016
Patient Engagement Is Everyone’s Responsibility

Increasing patient engagement has been shown to increase patient satisfaction and improve positive outcomes. 

Nurse comforting patient with gastrointestinal issues
Clinical Insights MAY 12, 2019
Assessing the Gastrointestinal System

You will need to elicit information about any complaints of gastrointestinal disease or disorders before obtaining a thorough assessment of the gastrointestinal system. 

Physician reviewing standards with a newly hired nurse
Clinical Insights OCT 22, 2020
Standardizing Competency Validation

The Joint Commission requires healthcare organizations to assess the competence of new hires and staff on an ongoing basis.