Professional Nursing Service

This notice describes our practices regarding patient medical information and the general requirements of health care professionals as stipulated in the HIPAA regulations.

HIPAA

HIPAA or the Health Insurance Portability and Accountability Act, represents a federal action to assure that the medical information of a patient is protected and kept private. Privacy is very important in health care and by understanding HIPAA regulations you can help to avoid accidental disclosures of information. Everyone that handles protected health information should be trained about confidentiality in compliance to HIPAA regulations. Protected health information may be described as any health information that is individually identifying. HIPAA regulations require that all efforts be strictly maintained to keep protected health information (PHI) confidential.

This pamphlet will help you understand the patient rights regarding privacy of information and help you to handle any questions or requests by a patient in this respect. Understanding HIPAA policy and procedures, and being familiar with them, is the best place to start. Be sure to read each section carefully

In addition to your initial training, Professional Nursing Service (PNS) will provide you with annual training to ensure that you are aware of the HIPAA requirements for any future assignments.

Simply put, the Health Insurance Portability and Accountability Act has been created to protect individual rights regarding health information. This Act includes standards to protect the privacy of individually identifiable health information. It indicates rules that apply to all facets of health care. It defines present standards with respect to the rights of individuals who are the subjects of health information. In today’s world of information technology it becomes increasingly more important to safeguard private information

Adherence to HIPAA regulations will minimize the unauthorized disclosure of protected health information.

Introduction of the Privacy Officer

HIPAA regulations require that health care facilities and companies designate a Privacy Officer as the point of contact for questions or concerns regarding protected health information. This person is usually located on site and acts as a liaison for staff members, patients, patients’ family and friends, and all other parties involved. The Privacy Officer should have information on hand regarding HIPAA regulations and also be able to offer clarification on all issues regarding protected health information. The Privacy Officer is your point of contact at the facility regarding confidentiality of patient records and guidelines for the correct use and distribution of patient information. At the beginning of each assignment you should familiarize yourself with the facility’s Privacy Officer.

PNS also employs a Privacy Officer. Should you have any questions regarding protected health information, you may call PNS at (800) 777-6430 and speak to the Privacy Officer. Please be aware that the Privacy Officer at PNS is not directly associated with any specific hospital or health care facility. The Privacy Officer at PNS is able to give general information regarding HIPAA practices and regulations. The Privacy Officer at PNS also monitors the health information of PNS employees.

Specific questions related to issues at the facility should be addressed with the facility’s designated Privacy Officer.

Policies

1. Notice of Privacy Practices



Health care facilities should distribute a Notice of Privacy Practices (NPP) to patients upon admission to the facility. All staff employed at the facility must become familiar with the privacy practices of the facility. It is necessary to read the facility’s NPP thoroughly since privacy regulations may differ from state to state, and practices may differ from facility to facility.




The basic concepts behind the privacy rules are:





1. Individuals have the right to control their personal health information.


2. Covered Entities (i.e., Health Care Facilities, etc.) have the duty to protect personal health information.


3. All staff members of Covered Entities have a personal obligation to assure that the established privacy
   practices are being followed and that protected health information is kept confidential.





Your Privacy Officer at PNS can provide you with a detailed copy of the standard “Notice of Privacy Practices” as defined by the Code of Federal Regulations upon request. However, all health care professionals employed as either general or contracted staff must familiarize themselves with the privacy practices of the facility at which they work. While the standard NPP can give you a firm understanding of the privacy requirements, it will not encompass all practices in all states and facilities. Also, NPPs may be changed, renewed, canceled, extended or amended periodically. Each facility’s Privacy Officer and provide you with a copy of the facility’s privacy practices.



2. Right to Confidential Communications Policy



Patients may request to receive confidential communications of their protected health information. The patient is not required to give a reason for this request. If disclosing information through regular channels will endanger the patient, he/she may want to make that known to you. A patient may request that communications from the practice be sent to an alternate location or by an alternate means.




Professional Nursing Service will accommodate reasonable requests for such confidential communications. Professional Nursing Service prefers these requests to be in writing.



3. Authorization for Release of Protected Heath Information Policy



Protected health information should only be released from a health care facility with a properly executed authorization from the patient or his/her personal representative, except for treatment, payment, or health care operations and as otherwise required by law. The patient upon admissions signs this authorization form to the health care facility. Each individual facility is expected to retain a copy of the authorization according to HIPAA regulations. A patient may revoke his/her authorization to use or disclose PHI at any time. Actions taken prior to the revocation are excluded.




Professional Nursing Service and its staff will only use or disclose PHI, except as noted above, consistent with the terms of the authorization



4. Patient Amendment of the Medical Record Policy



Any patient may request that his/her medical record be changed, corrected, or amended provided the request is submitted in writing. The company/practice may accept or deny this request and must inform the patient in writing of the decision within 60 days. If the request is denied, the practice must give a reason for denying the request.




Denying a request to amend the medical record may be due to, but not limited to, some of the following reasons: information is not part of the designated record set; information is complete and accurate; under HIPAA the patient is restricted from accessing or amending this information.




Requests/denials will be retained for six (6) years and must be included in future releases of the patient’s protected health information (PHI). Requests for amendment of medical records should be submitted to the Privacy Officer for action.



5. Patient Access to the Medical Record Policy



Patients have the right to inspect and receive copies of their medical records. Practices may charge for the costs of supplying the record. The patient should be notified of this cost and agree to it in advance. Practices have the right to deny a patient’s request to inspect and copy their medical record. This denial must be in writing and explain why the request has been denied.




There are several circumstances when the denial may not be appealed:





• Psychotherapy notes


• Information compiled in reasonable anticipation of or for use in a civil, criminal, or administrative action proceeding.


• Protected health information maintained by a practice subject to Clinical Laboratory Improvements Amendments (to the extent access to an individual would be prohibited by law).


• PHI regarding an inmate at a correctional facility.


• In research situations, if the patient was advised prior to the study.


• If the information was obtained from someone other than a health care provider and if access would compromise an individual providing information under a promise of confidentiality.





The patient can appeal the denial and has the right to request review by another licensed health professional designated by the practice and who was not a part of the original decision to deny access.





• If a licensed health care professional determines that the requested access would endanger the life or physical safety of the individual or another person.


• If the record makes reference to another person and the licensed health professional believes the access could cause substantial harm to that person.


• Request has been made by patient’s personal representative and the licensed professional believes it could cause harm to that individual or another person.





Patients should make this request in writing. It is then submitted to the facility Privacy Officer for action.



6. Restriction of Use or Disclosure of Protected Health Information Policy



A patient has the right to request that the use and disclosure of his/her protected health information can be restricted for treatment, payment, and health care operations, as well as restricting disclosure to certain people, such as family members. The restriction request must be in writing, be specific as to what information is covered by the request, whether it covers use, disclosure, or both, and to whom these limitations apply.




The practice does not have to agree to such requests. If the practice agrees to the request, it will honor the request except when overriding laws or emergencies apply




The agreement to restrict health information use and/or disclosure of treatment, payment, or health care operations may be terminated at any time, in writing, by the patient, or by the practice for health information created or received after the date of the notice.



7. Accounting of Non-Authorized Disclosures Policy



Protected health information may be disclosed without patient authorization (“non authorized”) in certain circumstances. These include but are not limited to:






• Public health authority


• The FDA


• The medical examiner after a patient has died


• Worker’s Compensation


• As authorized by state or federal law





The practice is not required to account for disclosures made: to the individual to which the information pertains, for treatment, payment or health care operations, when authorization is given, to persons involved in the patient’s care, for national security or intelligence, to correctional institutions or law enforcement officials, as part of a limited data set or that occurred prior to April 14, 2003.

If the practice makes certain non-authorized disclosures, it will keep a log of the disclosure for six (6) years. An accounting must include: the date of disclosure, the name of the entity or person who received the PHI disclosed, and a brief statement of purpose for the disclosure

A patient may request, in writing, an accounting of any non- authorized disclosures of his/her PHI. The patient is allowed one accounting per year at no charge. If a patient requests frequent disclosures, the practice may charge for this service, provided the patient is informed of the approximate charge in advance and agrees to it. The practice must retain documentation of any accounting made to an individual.

The practice will respond to the request for accounting within 60 days of the receipt of the request.

The Office of Civil Rights has established certain penalties regarding violations of confidentiality. Multiple violations of the same standard may result in fines of up to $25,000 per year. Also, the knowing misuse of protected health information may result in fines up to $250,000 and/or imprisonment



8. Patient Privacy Complaint Policy



Patients have a right to file a formal complaint if they feel an agency has not adequately protected their privacy. This complaint must be submitted in writing to the Privacy Officer or may be submitted directly to the U.S. Department of Health and Human Services Secretary. The complaint must be submitted within 180 days of the event of concern. The Privacy Officer is responsible for the investigation and resolution of the complaint. The practice must maintain a record of the complaints and the resolution, if applicable, for six (6) years.



9. Explanation of Minimum Necessary Standard



Many agencies, including Professional Nursing Service, adhere to the following “Minimum Necessary Standard”:

All uses, disclosures of, or requests for protected health information (PHI) will be limited to the minimum amount necessary to accomplish the stated purpose. Professional judgment will determine the amount of information to be released. The minimum necessary standard is not intended to impede the provision of quality health care.

Disclosures of PHI between providers for treatment, payment, and health care operations, or pursuant to an authorization without complying with this requirement are exempt from the minimum necessary rule.



10. Confidentiality Policy

All employees, staff, contractors, and agents of Professional Nursing Service will be trained to respect the health care information of the patients of our practice and associates. They will treat all medical, personal, biometric, and financial information as confidential. All employees, staff, contractors, and agents of PNS will receive confidentiality training and sign confidentiality agreements annually. Any person who breaches this trust will be disciplined and risks immediate termination.

All employees, staff, contractors, and agents of Professional Nursing Service will read the “Notice of Privacy Practices” as provided by PNS and will sign the “Employee Confidentiality Agreement”. This documentation is then kept in the employee record at PNS.

If you have any questions regarding privacy practices, or should you want a more detailed description of these practices,
please contact our Privacy Officer at (800) 777-6430

I, the signee, do affirm that I will not divulge Professional Nursing Service data nor data of their associated contract facilities to any unauthorized person for any reason. Neither will I directly nor indirectly use, or allow the use of, Professional Nursing Service and their associated contract facilities’ data for any purpose other than that directly associated with my official assigned duties. I understand that ALL PATIENT INFORMATION, including financial data, is strictly confidential. Furthermore, I will not, either by direct action or by counsel, discuss, recommend, or suggest to any unauthorized person the nature or content of any Professional Nursing Service data nor their associated contract facilities’ information. Violation of confidentiality is cause for disciplinary action, including immediate dismissal. I understand that signing this document does not preclude me from reporting instances of breach of confidentiality.

By signing this document I also attest that I have read and understand the “Notice of Privacy Practices” information provided by Professional Nursing Services in accordance with HIPAA regulations. I understand that individual health care facilities may follow procedures that differ from this information. I agree to consult with the Privacy Officer of the health care facility at which I am employed regarding the confidentiality procedures of that facility.