Lesson 6: Protecting Confidentiality

This lesson explains basic information about HIPAA, identifies the role of an ombudsman and confidentiality, ethics, and the importance of treating all people with dignity, respect and compassion.

Overview: This module trains participants in statutory confidentiality and the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996. The primary goal of the law is to make it easier for people to keep health insurance and to protect the confidentiality and security of healthcare information.

Learning Objectives: At the conclusion of this module, participants will be able to:

  • Identify the role of an ombudsman and confidentiality;
  • Incorporate the guidelines for HIPAA and the importance of confidentiality, documentation and reporting;
  • Understand the ombudsman ethics and the importance of treating all people with dignity, respect and compassion.

Duration: 1 hour (approximate)

Confidentiality

The State Long-Term Care Ombudsman (Ombudsman) is responsible for managing all files, records, and other information of the Ombudsman program, whether in physical, electronic, or other formats. Such files are the property of the Office of the State Long-Term Care Ombudsman (Office). The Ombudsman has the sole authority to make or delegate determinations concerning the disclosure of files, records, and other information maintained by the Ombudsman program. Always follow your program policies and procedures pertaining to confidentiality and disclosure.

All files, records, and other information of the Ombudsman program must be kept confidential and only disclosed at the discretion of the Ombudsman or designee of the Ombudsman per program policies. Per the LTCOP Rule, “identifying information of any resident with respect to whom the Ombudsman program maintains files, records, or information, except as otherwise provided by § 1324.19(b)(5)-(8)” cannot be disclosed without informed consent of the resident or resident representative or in response to a court order. Similarly, identifying information of any complainant cannot be disclosed without informed consent of the complainant or in response to a court order. However, the Ombudsman may use discretion and disclose redacted files, records, or information that protects the identities of all residents and/or complainants.

Resident Confidentiality

  • When a person is placed in a nursing home, they gain a set of “residents’ rights” as mandated by both Florida and federal law. These rights are meant to empower nursing home patients by giving them the ability to control decisions regarding their medical treatment and personal care, and to help ensure that their safety and best interests are being catered to by the facility.
  • This also includes confidentiality for treatment, personal care, and medical records.

Ombudsman Responsibilities

  • Encourages consumers to access and use their own medical information and records,
  • Upholds residents’ rights, and
  • Follows LTCOP procedures regarding confidential information.

Residents and Family Members Access to Information

Residents and their personal representatives have the right to:

  • Inspect their clinical files,
  • Ask for corrections,
  • Request restrictions on disclosure to particular entities, among other rights.

A Legal Representative

Someone who “under applicable law” has the authority to act on behalf of an individual in making decisions related to health care.

A Covered Entity May Provide Access

  • To a family member who lacks the legal authority as a legal representative, pursuant to an authorization that meets Privacy Rule requirements.
  • This authorization can be for an extended period of time.

Code of Ethics

The Ombudsman:

  1. Provides services with respect for human dignity and the individuality of the client unrestricted by considerations of age, social or economic status, personal characteristics, or lifestyle.
  2. Respects and promotes the client’s right to self-determination.
  3. Makes every reasonable effort to ascertain and act in accordance with the client’s wishes.
  4. Acts to protect vulnerable individuals from abuse and neglect.
  5. Safeguards the client’s right to privacy by protecting confidential information.
  6. Remains knowledgeable in areas relevant to the long-term care system, especially regulatory and legislative information, and long-term care service options.
  7. Will provide professional advocacy services unrestricted by his or her personal belief or opinion.
  8. Participates in efforts to promote a quality long-term care system.
  9. Participates in efforts to maintain and promote the integrity of the Long-Term Care Ombudsman Program.
  10. Supports a strict conflict of interest standard which prohibits any financial interest in the delivery or provision of nursing home, board and care services, or other long-term care services which are within the scope of involvement.
  11. Shall conduct him or herself in a manner which will strengthen the statewide and national ombudsman network.

Code of Ethics for Ombudsmen

  • Regardless of an ombudsman’s level of experience or the complexity of the issue or problem which is being addressed, there is a basic set of principles which guide an ombudsman’s decisions.
  • The National Association of State Long-term Care Ombudsman Program (NASOP) developed the following code of ethics for ombudsmen.

In order to provide appropriate quality advocacy services, program representatives shall conduct themselves with integrity and accountability. Additionally, representatives shall behave at all times in a manner consistent with the concepts and principles contained within these program orientation materials.

The program representative shall sign an agreement of participation in the program and make a commitment to program requirements, mission, values, code of ethics, and the responsibility to uphold federal and state law, rules and regulations, and additional items located within program operational guidelines, as well as program policy and procedures.

Code of Ethics

Each representative of the office of the state ombudsman shall:

  • Act at all times in a manner that respects the dignity and individuality of residents of long-term care facilities, representatives of residents in long-term care facilities, and each other.
  • Respect each resident’s right to self-determination and right to live a life according to values adopted for him/herself, and refrain from restricting services on the basis of the program representative’s personal beliefs. Each program representative will make every reasonable effort to ascertain and act in accordance with the resident’s wishes and beliefs.
  • Provide service to all clients who request it without regard to age, gender, race, religion, social or economic status, national origin, personal characteristics, or lifestyle.
  • Act to protect vulnerable individuals from abuse, neglect and exploitation, and report any cases of this to the proper agency.
  • Demonstrate a knowledge and understanding of the principles of empowerment. Only if residents are unable to act on their own behalf will a program representative intervene.
  • Perform necessary administrative assessments in accordance with Florida law.
  • Display an attitude and demeanor respectful and supportive of the program and its representatives.
  • Wear ombudsman credentials whenever performing official ombudsman duties on behalf of long-term care facility residents.
  • Develop and maintain a professional relationship with the staff of long-term care facilities, always mindful that his/her allegiance lies with the resident and the mission of the program.
  • Present him/herself in a manner that reflects positively on the Long-Term Care Ombudsman Program.
  • The State Long-Term Care Ombudsman reserves the right to release volunteers from their duties for violations of conduct. Volunteers who do not adhere to the rules and procedures of the program or who fail to satisfactorily perform their volunteer assignment may be reassigned or released from their position.

Statement of Values - Value of Elders

  • No resident should ever be abused, neglected, or exploited.
  • Residents should have meaningful access to the ombudsman program to protect their rights.
  • Older people should have autonomy and choice to the maximum extent possible in respect to how they live their everyday lives.

Value of Long-Term Care Facilities

  • Facilities should provide living environments for residents that allow them to live in the manner they lived in their own homes.
  • Facilities should promote residents’ rights, not just tolerate them.
  • Facilities should provide individualized care that promotes the highest possible level of functioning and well being.

Value of Program Representatives

  • Treat all people with dignity, respect and compassion.
  • Be resident-centered, not facility-centered, and place the welfare of the resident above all other concerns.
  • Know that confidentiality and empowerment are the cornerstones of our advocacy services.
  • Build awareness in the community of ombudsman services through resident councils, family councils, and public education.
  • Understand and ensure the enforcement of laws, regulations, and policies that improve long-term care.

Conflict of Interest

  (1) Ensure that no individual, or member of the immediate family of an individual, involved in the designation of the ombudsman (whether by appointment or otherwise) or the designation of an entity designated under subsection (a)(5), is subject to a conflict of interest;
  (2) Ensure that no officer or employee of the office, representative of a local ombudsman entity, or member of the immediate family of the officer, employee, or representative, is subject to a conflict of interest;
  (3) Ensure that the ombudsman:
      (a) Does not have a direct involvement in the licensing or certification of a long-term care facility or of a provider of a long-term care service;
      (b) Does not have an ownership or investment interest (represented by equity, debt, or other financial relationship) in a long-term care service;
      (c) Is not employed by, or participating in the management of a long-term care facility; and
      (d) Does not receive, or have the right to receive, directly or indirectly, remuneration (in cash or in kind) under a compensation arrangement with an owner or operator of a long-term care facility.
  (4) Establish, and specify in writing, mechanisms to identify and remove conflicts of interest referred to in paragraphs (1) and (2), and to identify and eliminate the relationships described in subparagraphs (a) through (d) of paragraph (3), including such mechanisms as:
      • The methods by which the state agency will examine individuals and immediate family members to identify the conflicts; and
      • The actions that the state agency will require the individuals and such family members to take to remove such conflicts.

Learning Objectives

  • To increase awareness of HIPAA Privacy guidelines
  • To demonstrate the importance of protecting a patient’s privacy.

"HIPAA" stands for the Health Insurance Portability and Accountability Act of 1996. It’s a broad federal law that addresses several health care issues, including administrative simplification, privacy standards, and fraud and abuse. The main purpose of HIPAA is to let people take their health insurance benefits with them when they change jobs or leave the workforce.

Definitions

Individually identifiable health information includes information such as demographic information that:

  • Is created or received by a health care provider, health plan, employer, or health care clearinghouse;
  • Is related to the past, present, or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
  • Identifies the individual, or there is a reasonable basis to believe the information can be used to identify the individual.

Ombudsmen and HIPAA

Under the Privacy Rule, the LTCOP is a “health oversight agency.” Therefore, the Privacy Rule does not preclude release of residents’ clinical records to the LTCOP, with or without authorization of the resident or resident’s legal representative. Also, since the LTCOP is a “health oversight agency,” nursing homes and other “covered entities” may, in response to appropriate ombudsman inquiries, share other information without fear of violating the Privacy Rule.

  • State agencies on aging are required under the Older Americans Act to ensure appropriate ombudsman access to residents’ records.
  • Nursing homes that participate in Medicare and Medicaid are required to provide ombudsmen access to residents’ records with the permission of the resident or the resident’s legal representative, consistent with state law.
  • To ensure that all facilities covered by the program provide access to records under all the circumstances outlined in Section 712 (b) of the OAA, state agencies on aging must ensure that the state has in place statutory, regulatory or policy requirements sufficient to ensure that the facilities provide such access. This includes nursing homes that do not participate in Medicare, Medicaid, board and care, assisted living facilities and other similar facilities.

Residents' Records

The Nursing Home Reform Act of 1987 amended Sections 1819 (Medicare) and 1919 (Medicaid) of the Social Security Act by adding the following provision: (c)(3)(E) ACCESS AND VISITATION RIGHTS - A nursing facility must permit representatives of the State ombudsman, with the permission of the resident or the resident’s legal representative, consistent with State law, to examine a resident’s clinical records.

Thus, nursing homes which participate in Medicare and Medicaid are required by Federal law to permit ombudsman representatives to examine a resident’s clinical records with permission of the resident or the resident’s legal representative, consistent with state law.

Neither the Older Americans Act nor the Social Security Act, as amended by OBRA, requires that permission must be in writing; however, it is strongly recommended that when ombudsmen examine a resident’s records, they document in the case file that they have obtained permission to do so, in accordance with these statutory requirements.

Implications of the OAA, OBRA, and HIPAA Privacy Rule Requirements for LTCOP work

If an ombudsman program representative has the permission of the resident or the resident’s legal representative, the facility is required, under the federal conditions of participation for Medicare and Medicaid, to provide the ombudsman with access to the resident’s clinical records, consistent with state law.

The OAA requires state Agencies on Aging (AOA) to ensure that ombudsman program representatives have appropriate access to review residents’ medical and social records, in the following instances:

  • The representative has the permission of the resident or the resident’s legal representative;
  • The resident is unable to give consent and has no legal representative; or,
  • Access is necessary to investigate a complaint, when the resident’s legal guardian refuses permission and the ombudsman representative has reasonable cause to believe that the guardian is not acting in the best interests of the resident. The representative then obtains the approval of the State Ombudsman.

Any resident of a nursing home that participates in Medicare or Medicaid has the right to access his or her medical records upon their request or the request of their legal representative. Under the regulations, the resident or the resident’s legal representative has the right:

  • Upon an oral or written request, access all records pertaining to the resident, including current clinical records, within 24 hours (excluding weekends and holidays); and
  • After the records are received, purchase at a cost, not to exceed the community standard, photocopies of the records or any portions of them upon request. The facility has two working days to provide the photocopies.

If, as required by the OAA, a state has ensured ombudsman access to residents’ clinical records and other information through a binding state law, regulation or policy on long-term care facilities, the facility must permit ombudsman access to residents’ records and other information, in accordance with the state requirements. The Privacy Rule does not affect this requirement.

HIPAA Impact on Residents' and Their Representatives' Access to Individual Clinical Files

The Privacy Rule offers the following rights to residents and their personal representatives regarding their protected health information:

  • Inspect and obtain a copy of their health information. Provider may charge reasonable fees for copying, postage, and preparation of a summary or explanation.
  • Ask that corrections be made to their protected health information. If their request is denied, the entity must notify the resident with an explanation and must include the request, denial, and additional information in the record.
  • Receive written notice of privacy practices.
  • Request restrictions on disclosure to particular entities and use of information.
  • Accommodation of a reasonable request for alternative communication, for example, request to use alternate mailing address.
  • Receive an accounting of certain disclosures.
  • File a written complaint to the Secretary of the Department of Health and Human Services (HHS) or the entity without retaliation.

Health Plan

A plan that provides or pays the cost of medical care. Health plans include:

  • A group health plan that has 50 or more participants;
  • A health insurance company;
  • A health maintenance organization which may include preferred provider organizations, independent practice associations, exclusive provider organizations, and foundations for medical care;
  • Medicare and Medicaid programs;
  • A long-term care policy, including a nursing home fixed-indemnity policy;
  • An employee welfare benefit plan for the employees of two or more employers;
  • Health care programs for active military personnel; and
  • The veterans’ health care program.

Health Care Providers

Providers of medical or other health services; or any person or organization that furnishes, bills, or is paid for health care in the normal course of business. This includes institutional providers such as hospitals, skilled nursing facilities, home health agencies, clinics, clinical laboratories, pharmacies, and suppliers of durable medical equipment. This also covers any appropriately licensed or certified healthcare practitioner, many types of therapists, technicians, and aides.

HIPAA Compliance

HIPAA imposes significant new requirements on nearly every organization that provides or pays for healthcare services. Under HIPAA, the organizations that are directly affected and must comply with the regulations are known as “covered entities”. Covered entities include:

  • All health plans (including self funded employer plans and government programs like Medicare and Medicaid)
  • Healthcare providers who transmit certain electronic transactions (known as “covered transactions”)
  • Healthcare clearinghouses

HIPAA Enforcement

The Office of Civil Rights (OCR) enforces compliance with the privacy regulations. If an individual files a complaint with the OCR, it will conduct an investigation, reviewing the circumstances of the complaint and what the organization has done to comply.

The OCR may also conduct a full compliance review, which could extend to every aspect of the organization’s compliance with HIPAA regulations. Failure to comply with the regulations may result in a penalty of $100 per violation, up to $25,000 in a year or criminal prosecution.

Privacy Standards

The privacy standard is designed to protect the confidentiality of health information and give individuals more control over how their information is used. Under the privacy regulations, individually identifiable health information cannot be used or disclosed unless the person’s permission is obtained. Notably, providers are not required to obtain consent to use or disclose information in order to treat, arrange for payment, or carry out general health care operations, but they may choose to do so as a courtesy.

Additionally, certain rights of individuals are outlined with respect to their health information. These rights include the following:

  • Access to health information;
  • Receive notice about a covered entity’s privacy practices;
  • Restrict the use of protected health information;
  • Obtain an accounting of the uses and disclosures of protected health information; and
  • Request amendments to health information (although the provider or health plan is not required to accept or comply with the request).

Communicating with a Patient's Family, Friends, or Others Involved in the Patient's Care

Even though HIPAA requires health care providers to protect patient privacy, providers are permitted, in some circumstances, to communicate with the patient’s family, friends, or others involved in their care or payment for their care.

This guide is intended to clarify these HIPAA requirements so that health care providers do not unnecessarily withhold a patient’s health information from these persons. This guide includes common questions and a table that summarizes the relevant requirements.

Common Questions About HIPAA

If the patient is present and has the capacity to make health care decisions, when does HIPAA allow a health care provider to discuss the patient’s health information with the patient’s family, friends, or others involved in the patient’s care or payment for their care?

If the patient is present and has the capacity to make health care decisions, a health care provider may discuss the patient’s health information with a family member, friend, or other person if the patient agrees or, when given the opportunity, does not object. A health care provider also may share information with these persons if, using professional judgment, he or she decides that the patient does not object. In either case, the health care provider may share or discuss only the information that the person involved needs to know about the patient’s care or payment for their care.

Examples

A doctor’s office may discuss a patient’s bill with the patient’s adult daughter who is with the patient at the patient’s medical appointment and has questions about the charges.

A doctor may discuss the drugs a patient needs to take with the patient’s health aide who has accompanied the patient to a medical appointment.

A doctor may give information about a patient’s mobility limitations to the patient’s sister who is driving the patient home from the hospital.

A nurse may discuss a patient’s health status with the patient’s brother if she informs the patient she is going to do so and the patient does not object.

However:

A nurse may not discuss a patient’s condition with the patient’s brother after the patient has stated she does not want her family to know about her condition.

Does HIPAA require that a health care provider document a patient’s decision to allow the provider to share his or her health information with a family member, friend, or other person involved in the patient’s care or payment for their care?

No. HIPAA does not require that a health care provider document the patient’s agreement or lack of objection. However, a health care provider is free to obtain or document the patient’s agreement, or lack of objection, in writing, if he or she prefers. For example, a provider may choose to document a patient’s agreement to share information with a family member with a note in the patient’s medical file.

May a health care provider discuss a patient’s health information over the phone with the patient’s family, friends, or others involved in the patient’s care or payment for their care?

Yes. When a health care provider is allowed to share a patient’s health information with a person, information may be shared face-to-face, over the phone, or in writing.
