NUR 701 Nursing Policy Discussion Essay
NUR 701 Nursing Policy Discussion Essay
Describe what is meant by HIPAA and, in the event of a breach, outline the requirements of an organization for notification. What do those requirements mean for healthcare practice in terms of time and financial investment? Then, describe the process when inappropriate use of information systems occurs by authorized users. How do HIPAA and the HITECH Act help to curb this problem?
HIPAA is the Health Information Portability and Accountability Act which is intended to establish national standards by which health care information was secure and protected; decrease health care fraud and abuse; ensures health care information is shared through specific industry wide standards, and provide the ability to transfer and continue health insurance coverage when workers lose or change their jobs.
HIPAA has strict requirements that if violated will result in a breach. Which means health information is compromised. If the information is compromised the following must occur: Covered entities where the breach occurred must notified the individual(s) upon discovery of the breach in a written form by first class mail, or email if the affected individual agrees. If the covered entity does not have sufficient notification information for 10 or more individuals then they are required to post the notice on their homepage web site for at least 90 days. In addition, they must provide this information to the local media where most of the affected individuals reside. (McGonigle & Mastrian, 2015)
Notifications must be sent no later than 60 days following the discovery of the breach, with a brief description of how it occurred, what information was breached, information on what steps the individual may need to take from potential harm, how the breach is being investigated, how they are mitigating the harm in order to prevent further reoccurrence. Additionally, if the breach affects 500 or more residents of a state or jurisdiction, then the entity is required to give notice to the prominent media in that area as well as notify the Secretary of Health and Human Services and the Office of Civil Rights (OCR) of this occurrence. OCR will investigate the occurrence and may result in penalties for the violators of the event.
HIPAA rules are extensive and are continuously revised. The complexity of HIPAA has contributed to financial and time constraints within organizations. Due to the complexity, organizations have hired consultants, to help organizations navigate the HIPAA guidelines, provide education, create additional paperwork and develop the technology to ensure that workers understand HIPAA and remain in compliance. Time constraints have become apparent because no longer can information be shared because all information requires the patient to sign a consent to release that information. The transition from paper to HER requires technology, training, monies and additional surfaces to ensure the infrastructure to support these changes remains functioning. (Snell, 2015)
Over the years the implementation of the HTTECH Act and HIPAA has enhanced the rights of patients who have a better understanding of importance of protected health care and are pleased that organizations are carefully following the federal and state law requirements.
To help support organizations OCR, is required to provide annual guidance to practitioners and organizations to ensure compliance. With the complexity of the HITECH Act and HIPAA the organizations have implemented technologies and methodologies to make PHI secure. The HITECH act has enhanced HIPAA protection. HIPAA has the made created clear boundaries and finally gives our patients assurance that their private health information will be provided only when there is a legitimate clinical or business need to know. Through the addition of HIPAA and the HITECH Act patient now have a better understanding of the various uses of their health data
Identify moral dilemmas in healthcare informatics that would best be approached with the use of an ethical decision-making framework, such as the use of smartphones to interact with patients as well as to monitor and assess patient health. NUR 701 Nursing Policy Discussion Essay
2.Identify moral dilemmas in healthcare informatics that would best be approached with the use of an ethical decision-making framework, such as the use of smartphones to interact with patients as well as to monitor and assess patient health.
In my role of abstracting the psychiatric core measures, one question looks to see that upon discharge the patients transition of care record is transmitted to the next care provider. In this particular case, the patient refused to have his information sent. The patient informed the Social Worker that he would not attend the program and was discharged. The transition of care record was abstracted and the question was raised, because “everyone “has their records sent, should we send the transition record to the next provider to stay in compliance.
Ethical Dilemma: Breach of patient information if transmitted vs. patient may attend the program and the next care provider will not have his report.
Alternative #1: Inform the next care provider that the transition record cannot be sent because the patient would not consent.
Best case scenario/outcome: The record is not transmitted and the provider ask the patient to sign a release so the record can be sent
Worst case scenario/outcome: Core measure fails and the patient decides not to attend the program
Any rules nullified: No
Any one harmed? No harm except the failure of the core measure and the care provider can assess the patient and treat accordingly.
Does the benefit obtain outweigh the risk of potential harm? Yes, the patients’ rights were not violated vs. the next care provider does not receive pertinent information related to the care of the patient
Alternative #2: The record is transmitted and the patient is notified that it was sent without his permission.
Best case scenario/outcome: The patient is notified and appropriate measures are followed for breach of information
Worst case scenario/outcome: Patient is not informed and learns about record being sent and files a complaint
Any rules nullified: Yes, breach of patient information and organization discovered the event and did not self-report
Can anyone be harmed? Yes, violation of HIPAA (Ulrich et al., 2010)
McGonigle, D. & Garver Mastrian, K. (2015). Nursing informatics and the foundation of knowledge (3rd ed.). Massachusettes: Jones & Bartlett Learning
Snell, E. (Ed.). (2015). HIPAA data breaches: what covered entities must know. Retrieved from http://healthitsecurity.com/features/hipaa-data-breaches-what-coverd-entities-must-know
Ulrich, C. M., Taylor, C., Soeken, K., O’Donnell, P., Farrar, A., Danis, M., & Grady, C. (2010, November). Everyday ethics: ethical issues and stress in nursing practice. Journal of Advanced Nursing, 66(1), 2510-2519. http://dx.doi.org/10.111/j.1365-2648,2010.2010.05425