This is a story of two friends who’ve known each other since childhood. Both became nurses. Diane has a Master’s Degree in the Science of Nursing. After 20 years of service in the US Army, I complemented my BS degree in Nursing with a Master’s Degree in Criminal Justice. I then became certified as a Legal Nurse Consultant. Though we are in different parts of the country these days, we’ve both come upon an amazing and frankly scary observation. Nursing staffs in many hospitals are under-educated on the rules and obligations of HIPAA. We both came upon this discovery independently, and it was merely by chance that a conversation on work brought this to light to us both.
Though HIPAA was introduced in 1996, it wasn’t until 2003 and 2004 that deadlines and fines for compliance or lack thereof were truly established and enforced. That’s when the light bulb above my head started glowing. I knew from the nursing work I was doing that, other than material now covered in college nursing training, there was little formal HIPAA training, as the Final Omnibus Ruling went into law in 2013. By Sept. 23, 2013 hospitals and physicians needed to comply with the HIPAA omnibus final rule, which strengthens patient privacy protections and provides patients with new rights to their protected health information.
Here are some highlights from the omnibus final rule healthcare providers and covered entities should be mindful of to ensure compliance by Sept. 23, 2013
1. The final rule expands patient rights by allowing them to ask for a copy of their electronic medical record in electronic form.
2. Under the final rule, when patients pay out of pocket in full, they can instruct their provider to refrain from sharing information about their treatment with their health plan.
3. If a Medicare beneficiary requests a restriction on the disclosure of PHI to Medicare for a covered service and pays out of pocket for the service, the provider must also restrict the disclosure of PHI regarding the service to Medicare.
4. The final rule sets new limits on how information can be used and disclosed for marketing and fundraising purposes, and it prohibits the sale of an individuals’ health information without their permission.
5. Penalties for noncompliance with the final rule are based on the level of negligence with a maximum penalty of $1.5 million per violation.
Diane is obviously a smart woman and a brilliantly trained nursing professional. She and I realized that there was a gaping hole in the training necessary for hospital nurses to be 100% in compliance with HIPAA guidelines. The fines for non-compliance, especially at a large hospital, could overwhelm any insurance coverage at best, and lead to censorship of nurses, nursing management, hospital administrators, even physicians.
Diane and I sat down (virtually) and drew up a plan on how to approach hospital management, what material would need to be covered, and how much it should cost to provide training. As there are multiple shifts in a hospital, the plan needed to recognize that some training needed to be done both early in the morning and late at night. There was no “certificate” to hand out, though after a few early “test” meetings with nursing management, it was clear that their intent was to track who attended the education, as it was mandatory. The design was simple – to reduce the risk that hospitals could be exposed to by erroneous record keeping, corrections to patient files after the fact, and the potential impacts of moving to electronic records.
Diane and I live in different parts of the country. I’m in Michigan and Diane, well, let’s just say Diane is someplace warmer. But at least once a week I get a text message, or a phone call. It’s just Diane checking in. You see, I’ve discovered the same opportunity here in frosty Michigan. This gives us the chance to compare our slide decks, share questions that were first-of-a-kind surprises, and to make certain we are doing our part to help the hospitals lower their risk, and help nurses be at the top of their game when they are at work.
Get The Help You Need!
If you are the manager of a nursing staff at a hospital, urgent care center or even a small private surgi-center, I would be delighted to share with you the approach that is working so well, which had been received by dozens of nurses, and is surprisingly affordable. Simply send an email to me mailto:email@example.com I promise it’ll be the best 15 minutes you’ve spent in a long time. I look forward to hearing from you!