Need to Know: Protecting Patient Healthcare Information (PHI)
By: Suzan Miller-Hoover DNP, RN, CCNS, CCRN-K
In 1996 the Health Insurance Portability and Accountability Act (HIPAA) was developed to protect patients’ rights and confidentiality. In the ever-increasing world of technology, it is important to ensure that only those who need to know have access to patient information.
HIPAA was enacted to cover three specific areas:
1. Insurance portability or the ability to move to another employer and be certain that insurance coverage will not
2. Fraud enforcement and accountability
3. Administrative simplification - guidelines for communication with other providers, families, friends, and the
The overall intent of this act is to make it easier for the consumer to obtain seamless care, irrespective of the number of different providers they see, while still protecting the confidentiality and privacy of the patient. HIPAA provisions include all employees, such as nurses, pharmacists, physicians and administrative, clerical, food service and environmental services staff. The adherence to HIPAA policies also applies to volunteers and any other personnel under the facility’s direct supervision (HIPAA Survival Guide, 2018).
Because some of the largest breaches reported to Health and Human Services (HHS) have involved business associates, the HIPAA law was changed in 2013 to extend the HIPAA requirements to business associates such as contractors, outside laboratory or imaging services, baby photographers, and computer technicians, among others (HHS, 2015).
Additionally, the 2013 changes include:
• HIPAA guarantees patients’ rights to inspect their own medical records, correct errors, inquire who has access to their records and seek penalties if their medical information has been used inappropriately.
• Patients may also request an electronic copy of their medical record, and they have the right to tell their provider not to share information about their treatment if they pay cash for that treatment (HHS, 2015a).
So, what is PHI? PHI is any personal information transmitted and/or maintained in any form, including prescription records, billing information, patient profiles and oral communications on the phone or during counseling. It is important to know that this information is protected in any form, be it written, electronic or verbal.
All patients must receive a copy of the Notice of Privacy Practices. The organization must also make a good faith effort to obtain a written acknowledgement that the patient received the Privacy Notice.
When may PHI be disclosed under HIPAA?
• Treatment of the patient (e.g. consulting with other healthcare providers on diagnosis and treatment)
• Obtaining payment from the patient’s health plan
• Operational requirements (e.g. quality improvement activities or peer review)
• Complying with legally mandated reporting or disclosure
The patient must provide consent or further authorization for any release of information for any other purpose.
Take home message:
HIPAA requires that use and disclosure of personal health information be limited to a “minimum necessary” standard for any communications other than for the purpose of treatment. This ensures that patient privacy will be protected by disclosing only the least amount of information necessary for another healthcare professional to perform their job. Thus, a Pharmacy Technician or Nursing Assistant (CNA) may need access to some information to fulfill their duties, but does not need access to full medical records.
For more information regarding what HIPAA means to you as a healthcare professional, review the RN.com course: An Overview of HIPAA for Healthcare Professionals.
HIPAA Survival Guide (2018). HITECH Act Summary. Retrieved from: http://www.hipaasurvivalguide.com/hitech-act-summary.php
U.S. Department of Health and Human Services (HHS). (2015). HIPAA - General Information. Retrieved from: http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/index.html
U.S. Department of Health and Human Services (2015a). Where can I find information about HIPAA, health information privacy or security rules? Guidance Materials for Consumer. Retrieved from: http://answers.hhs.gov/questions/6180
© 2018. AMN Healthcare, Inc. All Rights Reserved.