Good evening professional colleagues. I am Idoko Linda Ochanya (Mrs) RN, RPN, Bcur(hons). I will be presenting on the topic of CONFIDENTIALITY IN NURSING.
As nurses, we see and hear confidential information every day. Our practice is full of this kind of information. We occasionally become so comfortable with patient information that it can be easy to forget how important it is to keep such information private. Therefore, we will be reviewing and discussing the Privacy Section of the Health Insurance Portability and Accountability Act (HIPAA) and use it to identify opportunities to improve our knowledge and better protect patient confidentiality in our practice. This will help in reminding us about the importance of keeping patient information private, the implications of this Act for nurses; it will also serve as a challenge in maintaining privacy as well as strategies for promoting privacy in the healthcare setting.
Patient confidentiality is a fundamental part of health care that should be at the heart of everything that a nurse does. Confidentiality is a concept enshrined in law, codes of conduct and contracts of employment. It is guaranteed by both common law - court decisions- and statuory law, which is passed by Parliament. It is also an underlying part of professional practice that protects human rights.
In 1996, HIPAA was enacted into law. This law has had a significant impact on the health care sector especially in the need for numerous changes in the way we communicate with our patients, their families, with fellow colleagues and other members of the healthcare team. This law provides rights to patients and safeguards for employees. It affects every individual in a health care facility. Since the days in which the Nightingale Pledge was written, the nursing profession has made emphasis on the importance of confidentiality regarding all aspects of patient care. American Nurses Association (ANA) 2001 Code of Ethics for Nurses (Exhibit A) is very clear in both intent and meaning as it explains the nurse’s role in promoting and advocating for patient’s rights in terms of privacy and confidentiality. For nurses, HIPAA is an endorsement of our previously articulated responsibility to our patients.
Every nurse understands the importance and the need for confidentiality in the nurse-patient relationship and respects it. As professionals, our relationship with our patients and colleagues depends on it. But, the truth is, technological advancements, new and increasing demands in the healthcare industry, and globalization, make it more and more challenging to keep this promise. But keep it we must!
For nurses, the Nightingale Pledge and all subsequent nursing codes, has helped us in identifying the need for confidentiality; nurses made this point long before national legislation was ever contemplated. The ANA Code of Ethics for Nurses is the standard by which ethical conduct is guided and evaluated by the nursing profession (ANA, 1994). Provision 3 of the current Code of Ethics for Nurses states: "The nurse promotes, advocates for, and strives to protect the health, safety, and rights of the patient" (ANA, 2001). The interpretive statements, 3.1 and 3.2, are explicit in their language regarding privacy and confidentiality (ANA, 2001), and should be used by nurses to guide clinical practice and to set organizational policy.
*Health Insurance Portability and Accountability Act (HIPAA)*
The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Kennedy–Kassebaum Act, or Kassebaum–Kennedy Act) consists of 5 Titles. Title II Prevents Health Care Fraud and Abuse; Medical Liability Reform; Administrative Simplification that requires the establishment of national standards for electronic health care transactions and national identifiers for providers, employers, and health insurance plans. This title regulates the privacy and confidentiality of patient information in healthcare.
HIPAA was the first national legislation to assure every patient across the nation protection of their health insurance information. The privacy portion of the new law limits those who may have access to a patient’s health information and how it may be used. Hospitals and providers may use this information only for treatment, obtaining payment for care, and for specified operational purposes like improving quality of care. They must inform patients in writing of how their health data will be used; establish systems to track disclosure; and allow patients to review, obtain copies, and amend their own health information.
HIPAA established standards and requirements for the electronic transmission of certain health information (eligibility requirements, referrals to other physicians, and health claims) (American Hospital Association, 2002). HIPAA protects a patient’s rights to the confidentiality of his/her medical information and, for the first time, creates federal civil and criminal penalties for improper use or disclosure of protected health information.
Before we review the implications of HIPAA for nurses, lets quickly look at what patient’s health information (record) from a conceptual framework entails. The patient’s health record is the collection of all health information in all media generated on a patient under a unique personal identifier and across the continuum of care. The record is created for every patient who receives treatment, care, or services at each healthcare facility or health network, and is maintained for the primary purpose of providing patient care.
In addition, it is used for financial and other administrative processes, outcome measurement, research, education, patient self-management, disease prevention, and public health activities. The record contains sufficient information to identify the patient, support the diagnosis(es), justify the treatment, document the course and results of treatments, and facilitate the continuity of each patient’s care.
The health information or data contained in the record belongs to the patient solely even though the physical record (either electronic or paper) belongs to the facility.
*HIPAA's Implications for Nurses*
Establishing and maintaining patients’ trust in their caregivers is critical to obtaining a complete history, an accurate health record, and carrying out an effective treatment plan. If a nurse fails to protect the patient’s privacy, the erosion in the relationship can have dire consequences to the nurse/patient relationship.
At the same time, the reality of the world in which we practice raises troubling confidentiality questions:
• Nurses are frequently put in the tenuous position of being asked for patient information by patient’s families and well-wishers. An example is another employee checking to see how a friend is doing. On the surface this seems harmless. But, is it really?
• A key patient safety initiative is better improved labeling of drugs and devices. IV bags and medicines are now routinely labeled with the patient’s name, a step we take to assure we are delivering the right care to the right patient. When they are discarded in open trash receptacles in patient rooms, have we compromised the patient’s confidentiality?
• Busy, frequently overcrowded, hospitals are less than perfect environments. Conversations with patients can easily be overheard. What can we do to lessen the chances of inadvertent disclosure?
• Are we confident that we have correctly determined who "needs-to-know" for every patient? How are we teaching the next generation of caregivers to think about confidentiality? Are there new tools we can give them?
• The consumer can access almost anything on the Internet today. Sophisticated search engines enable us to find everything ever written about any person or topic.
Equally sophisticated efforts must be made by health care providers to prevent unauthorized access to patient information. How much information should we provide and what can we provide under HIPAA? What would our patients prefer?
Our commitment to protecting patients’ privacy must advance from the abstract realm of tacit understanding to a more conscious, active, and visible place. We need to let our colleagues know that we will not engage in, nor will we tolerate in others, anything less than full compliance with the law of confidentiality.
There are two criteria to always come back to in discussions about confidentiality.
√ One is to ask yourself, "What you would want if it were your medical information in question?"
√ The other is to ask yourself, "Do I really need-to-know this information in order to do my job?"
*Most of the time, if you have to ask, you probably don’t need-to-know*
Exhibit B contains some things we need to keep at the back of our heads as far as patient Confidentiality is concerned.
*Challenges of Maintaining Privacy and Confidentiality*
Knowing the difference between privacy and confidentiality can be confusing. Privacy is the right of individuals to keep information about themselves from being disclosed; that is, patients are in control of how others have access to themselves or their health information. Patients decide who, when, and where to share their health information. On the other hand, confidentiality is how we, as nurses, treat private information once it has been disclosed to others or ourselves. This disclosure of information usually results from a relationship of trust; it assumes that health information is given with the expectation that it will not be divulged except in ways that have been previously agreed upon, e.g., for treatment, for payment of services, or for use in monitoring the quality of care that is being delivered. With the increasing use of technology for the provision of care in our fast-paced clinical environments, maintaining privacy and confidentiality can be a daunting task.
*The Impact of Technology*
Electronic messaging and new computer technology, though quick and efficient, are often not as secured as we think. This is an unfortunate reality, but one we must consider. We should refrain from including patients’ names in electronic correspondences except when it is absolutely necessary to do so. When communicating patient information, be it by fax, telephone, email, or other technologies yet to be developed, it is very crucial to be smart and sensitive as we go about it (Ives Erickson, 1999). As nurses, it is important when communicating with another clinician, to remember the following:
• Electronic messages may be processed by others besides the addressee during addressee’s usual business hours, vacation or illness.
• Electronic messages can occasionally go to the wrong address.
• Electronic communication are easily accessible fom various locations/devices
• Information written by one clinician may be sent electronically to other care providers
• Except encryption technologies are used by parties involved, the Internet does not typically provide a secure media for transporting confidential information.
• When it comes to transmitting patient information, fax machines are perhaps the least secure technology . The law prohibits certain types of information from being faxed outside of an institution without appropriate written authorization, e.g., genetic test results, HIV information, and sexual assault counseling. All fax cover sheets should contain the standard warning that reads: "The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify me immediately and destroy all copies of this message and any attachments."
• Palm pilots, PDAs, and Blackberries are an exploding technology. Many clinicians have health information stored or available on these hand-held devices. Yet, how many users have their PDA’s password protected in order to prevent access if the device is inadvertently left somewhere?
*Busy People Cutting Corners*
It is not enough anymore to assume we’re maintaining confidentiality as we go about our daily work. There are too many opportunities for private information to be inadvertently read, faxed, overheard, transmitted, or otherwise unintentionally disclosed. As nurses and as leaders of the health care industry, we need to sharpen our awareness and redouble our efforts to protect our patients’ rights to privacy (American Hospital Association, 2002).
Each of us has witnessed situations that demonstrate this point. For example, as you’ve walked through a hospital, health center, or ambulatory practice, have you ever seen a trash bag that has been accidentally ripped open, and there on the floor in front of you is patient information? The person who discarded this information did so with the best of intentions, never foreseeing that it would re-surface in a torn-up trash bag. Confidential papers should be appropriately disposed of, e.g., torn or shredded, when they are no longer needed. Yet, how many times is this not done?
Now, think back on rides you’ve taken in an elevator along with other health care employees and a few visitors. How often have you overheard clinicians discussing a patient in a code situation, not mentioning the patient’s name, but talking in great detail about the specifics of the case? Though they never identify the patient by name, the discussion still breaches a very important aspect of our code of conduct. It creates the perception that we don’t care about confidentiality.
It is clear in confidentiality guidelines that, "Patient information should not be discussed where others can overhear the conversation (in hallways, on elevators, in the cafeteria, in restaurants, etc.). It is not okay to discuss clinical information in public areas even if a patient’s name is not used. This can raise doubts among patients and visitors about our respect for their privacy" (personal communication, Massachusetts General Hospital, Privacy and Confidentiality Committee, 2004). If you put yourself in the patient’s place, you’ll agree that this raises serious doubts about the employee’s commitment to confidentiality.
*Strategies for Promoting Privacy*
Many view the extra steps that may need to be taken by nurses in the commitment to assuring privacy to be a burden. But, in reality, who is better positioned than nurses to advocate for patient privacy and safety? Thinking with a patient-first philosophy, our work puts us in a position of strength. For example, on the patient care units, nurses routinely field calls from patients’ families and friends, and occasionally the media, who are inquiring about a patient’s status and prognosis.
Nurses are strategically placed in managing this personal patient information. If it is a member of your organization’s public relations department, but a person you don't know, you can say, "I'll call you back in your office." This ensures that the person calling you is who he says he is. Remember: it is the patient’s right to decide what information is shared about them and when. As nurses, we need to balance patient safety and treatment with a respect for privacy. If you must choose, always choose patient safety first.
In clinical care a patient’s condition can change at a moment’s notice. Imagine this situation -- a patient assigned to a semi-private room takes a sudden turn for the worse and it becomes apparent that death is near. Nurses are empowered to make the necessary changes in bed and room assignments to afford patients and families the privacy that is warranted in a particular patient care situation. Again, this puts nursing in a position of strength.
However, what if a private room can't be found and the patient's roommate objects to having the roommate's family spend the night because they feel unsafe? As nurses, we need to balance patient safety and treatment with a respect for privacy. If you must choose, always choose patient safety first. Use your professional judgment that moves this added demand from a perception of extra work to a position of strength in patient advocacy.
*The following are other strategies to address confidentiality challenges facing nurses*
• Communication with family members – always keep the patient’s best interest in mind. This may translate into adequately informing long-distance family members so they are able to properly respond and support elderly or demented parent’s needs. Verify identity as legal guardian or executor, if necessary.
• Never assume you have the right to look at any type of health information unless you need it in order to do your job. HIPAA assumes there is a need-to-know. For example, co-workers’ phone numbers for personal reasons may be looked up by the interested party on the Internet or the phone book. Phone numbers needed for work-related reasons may be obtained from the supervisor or the employee database if you have been authorized for access. Always ask yourself, "Do I need-to-know this information?" Need-to-Know is defined as that which is necessary for one to adequately perform one's specific job responsibilities.
• Hold your colleagues as accountable as you hold yourself when it comes to respecting patient privacy. When you see a nurse or physician carrying progress notes on their tray in the cafeteria for others to see, gently and politely remind them to turn them over in the name of confidentiality. When you are hearing a conversation between two care providers in the elevator or the hospital shuttle, politely ask them to please continue their discussion in a private area.
• Be a privacy mentor to nursing students just starting out in the profession. For example, keep medical records closed on desktops, close out results on computer screens, send out text paging with minimum necessary information (last name first initial), restrict excessive printing of health information from computers, restrict the removal of all copies of health information from the hospital, even if reports have been de-identified.
• Stand up to peer pressure when friends or neighbors ask you to do a favor by obtaining for them copies of their records or copies of a family member’s records. Always get written authorization and follow proper procedure. In many organizations, failure to follow proper procedures regarding release of information may result in disciplinary action, up to and including termination of employment or suspension of privileges.
• If in doubt when releasing health information to patients, confer with your health information services department or privacy office for advice and assistance. Use opportunities to share Confidentiality Quizzes (Exhibit C) in order to educate staff. There are guidelines in place to help reduce risk for you and the hospital while meeting patients’ needs – know and use these guidelines.
It is our duty to protect the well being of those who are entrusted to our care. Protecting the integrity of the nurse-patient relationship and patient rights is a sacred trust. It is also our duty to periodically remind other nurses of the importance of keeping patient information private.
Thank you all for your time and audience and thank you admins NWN for this opportunity.
About the Author:
Linda Ochanya Idoko, RN RPN, Bcur(hons) earned her bachelor of Nursing degree in Advanced Psychiatric Nursing Science from Nelson Mandela University South Africa, and her Diploma in General and Psychiatric Nursing from Ahmadu Bello University Teaching Hospital Zaria and School of Post Basic Psychiatric Nursing Federal Neuropsychiatric Hospital Barnawa both in Kaduna State respectively. Passionate about mental health, Linda is also a trained Cognitive Behavioral Therapist who has 3 years of clinical nursing experience and 3 years of experience as a psychiatric nurse specialist.
Share this news with friends!!!