HIPAA is the legislation that protects a patient’s privacy and safety through provisions that prevent the patient’s health information from being disclosed without authorization (Wagner, Lee, & Glaser, 2009).
HIPAA affects whom a health care provider can speak to regarding a patient’s health, and even where they may speak if they might be overheard. It also affects whom a health care provider can release information to and what information can be released. It covers even so basic an activity as locking one’s workstation when leaving the desk to prevent unauthorized viewing of patient information (“HIPAA Information,” 2003).
Information in any form that relates to the health, physical or mental, of an individual and is created by or for a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse (Wagner, Lee, & Glaser, 2009).
Each bit of information generated by a doctor’s visit is health care information, everything from a notation that the patient’s toe itches to EKG readouts. Age, height, weight, ethnicity, allergies, etc. all qualify as health information. A school, for example, may collect information on how many students are required to take medication during the school day and use that information to determine whether the school nurse needs a larger refrigerator to store the medication.
To be accessible, data must be collectible, which includes being legal to collect, and it must be obtainable. Data may be illegal for certain groups to collect and legal for others (Wagner, Lee, & Glaser, 2009).
In writing a doctor’s note for an individual requested by an employer to prove the individual was indeed under a doctor’s care for influenza, one should take care not to include more data than needed. The employer needs access to the dates of the treatment and the date an employee is cleared to go back to work, but does not need access to the employee’s family history of diabetes or information on the employee’s ongoing treatment for depression.
Additionally, it does not matter if the data was collected if it is not accessible to the health care provider at the time it is needed. A patient may have a complete medical record locked away in a safe in Dallas, but that does the doctor no good when the patient is seeking care in Miami.
To be relevant, the data must be meaningful for the purpose for which the data is collected (Wagner, Lee, & Glaser, 2009).
The more information a care provider must go through to get to relevant information, the less efficient patient care becomes. When bringing a patient in for tests that require an overnight hospital stay, it may be relevant to get information on a patient’s dietary needs, but gathering information on a patient’s preferred color of nail polish would be a waste of resources.
Protected Health Information
Protected health information is defined by HIPAA as information that is identifiable, meaning it is possible to determine which individual the data represents. EMRs, EHRs, and PHRs are examples of protected health information (Wagner, Lee, & Glaser, 2009).
Electronic medical record: A record that can be created, managed, and consulted electronically by authorized individuals inside a single healthcare organization (Wagner, Lee, & Glaser, 2009).
Electronic health record: An electronic medical record that conforms to standards enabling interoperability so it can be consulted across organizations (Wagner, Lee, & Glaser, 2009).
Personal health record: An electronic health record designed for use by the patient (Wagner, Lee, & Glaser, 2009).
HIPAA Information. (2003). Oriental Medicine Journal, 11(2), 42-44.
Wagner, K.A., Lee, F.W., & Glaser, J.P. (2009). Health Care Information Systems: A Practical Approach for Health Care Management (2nd ed.). San Francisco, CA: Jossey-Bass.
© 2010 – 2012, Within this mind. All rights reserved.