Are there exceptions to HIPAAs disclosure policy?

Are there exceptions to HIPAAs disclosure policy regarding protected health information (PHI)?
The answer is YES
According to Hebda and Czar (2009), "HIPAA allows the use or disclosure of PHI without authorization or permission when required by law and for public health activities such as controlling disease, abuse, violence, Food and Drug Administration tracking, and for work related illnesses. PHI may also be shared in the following instances

• audits or investigations by health oversight agencies
• judicial and administrative proceedings
• for law enforcement purposes
• as needed by funeral direcors and coroners
• donation/transplantation of tissues
• research
• essential government functions such as combat
• worker's compensation"

Reference:
Hebda, T., & Czar, P. (2009). Handbook of informatics for nurses and healthcare professionals. (4th ed.). Upper Saddle River, NJ: Prentice Hall.

Path to HIPAA compliance

The link below will take you to a flow diagram with some basic information regarding HIPAA compliance.
Reference:
Hebda, T., & Czar, P. (2009). Handbook of informatics for nurses and healthcare professionals. (4th ed.). Upper Saddle River, NJ: Prentice Hall.



http://www.gliffy.com/pubdoc/2901125/L.png

HIPAA steering informatics

The informatics nurse specialist (INS) serves as an advocate for safety and security of information; as well as a champion in the cause for maintaining ethical principles in serving the cause of stakeholders in the world of electronic health records. The INS recognizes the important role of HIPAA as a major guide when steering the turbulent waters of confidentiality, privacy, security, accountability, ethical decision making, and transparency as they relate to protected health information.

Relationship between INS and HIPAA

The informatics nurse specialist (INS) recognizes the importance of HIPAA as a relevant guide in fulfilling her/his role. HIPAA allows the INS to act as an advocate for securing the privacy of health information, ethical decision making and maintaining confidentiality, while assisting organizations to provide evidence-based care, conduct pertinent research, and educate personnel in technological advancements which may enhance their practice.

more about HIPAA

Follow the link below to learn more about HIPAA

 http://www.screencast.com/t/ydKyIGXz13UZ



Reference: Hebda, T., & Czar, P. (2009). Handbook of informatics for nurses and healthcare professionals. (4th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

HIPAA-what it is-what it does

Click the link below. A new window will open, click the play icon to view a small PowerPoint presentation


http://screencast.com/t/YCCJkuJOm1Oo

covered entities? what is that, you say!!!

As described by the US Department of Health and Human Services (2006), covered entities are:

• health plans
• health care clearinghouses
• health care providers who conduct certain financial and administrative transactions electronically....such as electronic billing and funds transfer

Reference: U.S. Department of Health & Human Services (2006). Health information privacy: Who must comply with HIPAA privacy standards? Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/faq/covered_entities/190.html

consumer protection

"Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information" (U.S. Department of health and Human Services)

Reference: US Department of Health and Human Services. For consumers: How is information protected. Retrieved from www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html 2011/08/01

Data mining, evidence based practice, and the informatics nurse specialist (INS)

Evidence-based practice is in part informed by information gleaned through data mining. Data mining activities (in a healthcare facility) guided by the informatics nurse specialist should not require scrutiny by HIPAA.
Anyone in agreement? Yes? No? Why?

Right to access information?

As a nurse in the hospital I have a right to access any patients information at any time as long as I am on duty. What would HIPAA say to that statement?