++
The health record is a legal document that is admissible as evidence in a court of law. As a healthcare professional, you will examine the patient to collect health information during their course of care.¹ It is your responsibility as the overseeing healthcare professional to keep health information accurate, timely, relevant, secure, and confidential.
+++
The Health Insurance Portability and Accountability Act and Protected Health Information
++
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 prohibits the release of protected health information (PHI) without the patient's authorization. The HIPAA Privacy Rule defines PHI as “individually identifiable health information that is transmitted by electronic media, maintained in electronic medium, or transmitted or maintained in any other form or medium.”² The following is a list of individually identifiable health information that would need to be removed prior to disclosing any patient information:
++
Names, of the individual patient or of relatives, employers, or household members
Geographic location, including street address, city, county, precinct, zip code
Date of birth
Admission date
Discharge date
Date of death
Telephone numbers
Fax numbers
E-mail addresses
Social Security number
Health record number
Health plan beneficiary number
Account number
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol (IP) address numbers
Biometric identifiers, including finger- and voiceprints
Full-face photographic images and any comparable images
Any other unique identifying number, characteristic, or code
++
++
Disclosing patient information must be taken seriously. When in doubt about what information is and is not appropriate to release, consult the health information management professional within your organization before releasing any patient information.
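The identifier list above, applied to a record before disclosure, as an added example that is not part of the original text: identifier fields are dropped from a structured record and pattern-matchable identifiers are masked in its free-text note. The field names, the record layout, and the sample values are assumptions constructed for illustration.

```python
import re
# Field names are assumptions about a hypothetical record layout; each maps
# to an identifier category in the list above and is dropped outright.
IDENTIFIER_FIELDS = {
    "name", "relatives", "employer", "street_address", "city", "county",
    "zip_code", "date_of_birth", "admission_date", "discharge_date",
    "date_of_death", "phone", "fax", "email", "ssn", "health_record_number",
    "health_plan_beneficiary_number", "account_number", "license_number",
    "vehicle_id", "device_id", "url", "ip_address", "biometric_id", "photo",
}
# Identifiers that leak into free-text notes. Regexes cannot find names or
# other unstructured identifiers, so free text still needs human review.
TEXT_PATTERNS = [
    ("URL", re.compile(r"https?://\S+")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b|\b\d{4}-\d{2}-\d{2}\b")),
    ("PHONE", re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b")),
]

def scrub_text(text):
    """Mask pattern-matchable identifiers; return (text, counts per label)."""
    counts = {}
    for label, pattern in TEXT_PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts

def deidentify(record, text_fields=("note",)):
    """Drop identifier fields and scrub the free-text fields of a record."""
    out, counts = {}, {}
    for key, value in record.items():
        if key in IDENTIFIER_FIELDS:
            continue  # removed, not masked: the field itself is the identifier
        if key in text_fields:
            value, found = scrub_text(value)
            for label, n in found.items():
                counts[label] = counts.get(label, 0) + n
        out[key] = value
    return out, counts

SAMPLE = {  # constructed record; every value is fictitious
    "name": "Jane Doe", "ssn": "123-45-6789", "date_of_birth": "1980-01-02",
    "health_record_number": "MRN-000123", "diagnosis": "Type 2 diabetes",
    "note": "Seen 03/14/2023. Call 555-010-4477 or j.doe@example.org. "
            "Portal login from 192.0.2.10 via https://portal.example.org/u/42 today.",
}
```

Calling `deidentify(SAMPLE)` returns the reduced record together with a count of masked items per category, which can be logged as evidence that scrubbing ran before release.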
+++
Keeping Health Information Secure
++
Securing PHI involves minimizing the chance that a health record is lost, altered, damaged, or destroyed.
++
The Administrative Simplification provisions of HIPAA require the Department of Health and Human Services (DHHS) to establish national standards for the security of electronic healthcare information. This rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.
++
Methods of protecting electronic health information include the following⁴:
++
Limiting access to information through the use of passwords, key cards, or biometric identification
Adding an electronic fingerprint into the health record for each entry including the name, date, and time that the entry/change to the record was made
Changing passwords frequently
Prohibiting the sharing of passwords among employees
Deleting system access immediately upon termination of an employee
Restricting copying function
Restricting printing function
Incorporating information on safeguarding electronic health information in employee orientation
Including security mechanisms in contracts with outsourced vendors
Establishing policies ...