Disasters and HIPAA

HIPAA, the patient health privacy law, is not only a medical/writing hot topic, but evidently a social media one as well.

Here at Redwood’s, I’ve blogged A LOT about HIPAA and writers violation of the act. You can read some of those posts by following the links: Part I, Part II, and Part III.

Let’s look at a recent example that was social media focused and revolved around the Moore, OK F5 tornado that struck on May 20, 2013.

People, in general, want to be helpful. That’s one reason why social media is becoming an avenue to try and locate lost loved ones. You’ll see missing children posters and even teens/adults posting pictures in hopes of finding biological parents that may have adopted them out.

During the crisis in Moore, an “ad” (poster, plea– whatever you’d like to call it) was put up on Facebook stating that a child had been found and said child was located at the hospital and gave the hospital’s number.

What surprised me, honestly, was the backlash of some against this photo decrying a HIPAA violation.

Umm. . . well . . . no. I don’t personally believe so.

In order to have a full fledged HIPAA violation, medical information has to be disclosed with a patient’s name. Since the sign had absolutely no medical information— there was no violation. Even if it had said the child was a patient (which is did not)— there still wouldn’t have been a violation because it didn’t disclose treatment and/or diagnosis.

This is really no different than calling up the ER and asking— “Hey, is John Doe a patient there?” Giving a patient location is not a HIPAA violation. Saying, “Oh, Yea– Johnny is here and let me tell you— he’s not feelin’ that broken femur after his blood alcohol came back at 0.5” is clearly a violation because you’ve disclosed sensitive medical information.

But I digress.

See the difference?

Let’s cut people some slack– particularly when a disaster strikes their communities. Recognize the heart of what they were trying to do— get parent and child back together.

And let’s all continue to pray for this community.

Author Question: Disclosing Protected Health Information Under HIPAA

Remember the nurse who committed suicide in the wake of the Australian radio DJ’s that posed as the Queen of England to get the medical staff to disclose private details of the Duchess?

I totally get, as a nurse, why she made that choice.

Every day, nurses face critical choices that can have dire consequences. Most often, I can say from being in this field for 25 years, that 99% of the time, medical people DO NOT have ill intentions toward their patients. They are not maliciously trying to harm people. Do mistakes happen . . . yes. But usually it is the result of a system wide problem.

This nurse that patched through the radio personality posing as the Queen of England probably was thinking, “Wow, the Queen! I better patch her through post haste. I wouldn’t want to do anything to upset the monarchy.”

She may have been star-struck– I don’t know. But we don’t ask for credentials over the phone. If you say your Britney Spears’s sister– why should I doubt you?

I can understand the horror this nurse must have felt when she learned of the prank. I know she likely feared for her job (and had every right to be fearful). I know she likely felt horrified that that one simple action of transferring a phone call led to mass attention being drawn her way.

Sadly, since I don’t know this nurse personally and am only guessing, this may have been the proverbial straw that broke the camel’s back.

HIPAA issues/violations can have dire consequences for the healthcare provider. We can lose our jobs.

In short, HIPAA is a set of laws designed to protect patient’s privacy. I’ve done a series on HIPAA that you can find here. Part 1, Part 2, and Part 3.

However, I recently got an author’s question that kind of took a new spin so I thought I’d cover it here.

Glenda asks:

In the novel I’m writing (my first), I have a young mother of a four-year-old who is in a coma because of an automobile accident hundreds of miles away from her home.  There are no other next of kin other than the child.  How can a minister who’s trying to help solve a mystery get more information about her condition? Who can the doctor disclose her condition to?  What information can be disclosed under HIPAA?  If you would address that in one of your future blogs, I would greatly appreciate it.  I’ve read through a lot of information but haven’t seen anything that addresses a situation such as this. Thank you so much!

Jordyn Says:

I think it will be hard for this minister to get information unless he became the appointed legal guardian over her (since she’s incapacitated and he’s caring for her son and they can’t find any other family.) This might be a better question to run by a lawyer– how could he become her legal guardian? The hospital is going to want someone they can go to. If he served that way— they would release information to him. Likely, he’d have to fill out a request through the medical records department.

In lieu of that– likely what he would be told would be the condition. Grave, Critical, Poor, Fair, Stable, Good— something along those lines without specific information.

In follow-up Glenda did ask her son-in-law who is a lawyer this question and here is her information after that consultation.

Glenda says:

My attorney son-in-law said that the minister would have to go before a judge to be a guardian ad litem (in South Carolina at least) in order to get medical information on the mother and to make decisions for the child while the mother was unable to do so.  Thanks for your advice!

My pleasure, Glenda. And best of luck with this novel.

******************************************************************************

Glenda Manus recently retired after teaching 30 years in an elementary school. Her love of reading good books prompted her to try and write one of her own. Though book writing is a challenge (Amen, sister!) she feels God is with her on the journey.

EMTALA and the Writer

What is EMTALA and why should I, as an author (and maybe a healthcare consumer), care about it? EMTALA, like HIPAA, sounds like a foreign language but has large ramifications for healthcare providers. Here’s a series I did on HIPAA and how it is often dealt with poorly in fiction writing.

1. http://jordynredwood.blogspot.com/2011/12/author-beware-law-hipaa-part-13.html
2. http://jordynredwood.blogspot.com/2011/12/author-beware-law-hipaa-part-23.html
3. http://jordynredwood.blogspot.com/2011/12/author-beware-law-hipaa-33.html

EMTALA stands for the Emergency Medical Treatment and Active Labor Act. It was passed in 1986 as part of the Omnibus legislation and is sometimes referred to as COBRA. COBRA is the legislation that dictates how you’re covered by medical insurance when you change jobs.

The reason behind EMTALA was to prevent patients (those covered by Medicare, Medicaid, or without insurance) from being “dumped” to other institutions because of poor reimbursement or no reimbursement on part of the patient.

When refusing care (problem #1), the patients condition can deteriorate while they’re trying to get to another hospital. This is overall, of course, bad.

This only applies to those hospitals that receive Medicare and/or Medicaid funding which is virtually all US hospitals. If a hospital is found to have an EMTALA violation– heavy fines can be imposed and hospitals can lose their government funding. If that were to happen, the hospital would likely have to close its doors.

Dr. Tanya Goodwin covered how this relates to a patient in active labor in this post.

I thought I’d talk a little about how it relates to the emergency department.

Any patient that presents to the ER must be given a “medical screening exam”. This will vary from state to state on who can provide these exams. Some may require a physician while others may be okay having an RN complete it. This is dictated by that state’s scope of practice. Here are a few previous posts that deal with scope of practice issues:

1. http://jordynredwood.blogspot.com/2011/09/perinatal-providers-scopes-of-practice.html
2. http://jordynredwood.blogspot.com/2011/08/author-beware-wrong-medical-procedure.html

If the patient does not have an emergency, the hospital can “screen” that patient out to another facility, urgent care, or their doctor’s office to be seen later.

Let’s look at a real life example. I work in a pediatric ER. We generally treat patients up to age 21. After that– they need to transition to adult care.

So, let’s say I’m in triage and a 65 y/o male presents to the ER for treatment of an uninfected ingrown toe nail. Based on our treatment guidelines– being a pediatric facility– the on-duty physician can either treat or “medically screen” the patient out because though an ingrown toe nail may be painful– it is not a medical emergency.

Now, can you do this in your manuscript? A physician is fed up with a patient and kicks him out of the ER. Is that an EMTALA violation? Did he provide an exam? Was the patient having an emergency?

As a result of this law– generally a patient who collapses (maybe a patient suffering a gun shot wound is “dropped off” at the hospital) on hospital property needs to be given care. There have been instances of this on the news where someone collapsed and based on their position in relation to hospital property– care was or was not provided. EMTALA dictates the hospital’s response in these circumstances.

For more on EMTALA– you can read here.
http://www.emtala.com/faq.htm

Have you ever dealt with an EMTALA issue in your manuscript?

HIPAA and Law Enforcement

I had a phone consultation with an author who wanted to discuss HIPPA.

As you know, HIPAA is a set of laws designed to protect patient privacy.

Here’re links to a previous series I did on HIPAA: Part I, Part II, and Part III.

His question centered around whether or not law enforcement was privy to medical info.

In the pediatric ER– we will readily discuss medical issues with law enforcement because it usually deals with us reporting child abuse. Police also need information so they know the degree of serious bodily injury (or SBI) to determine if charges should be pressed.

However, I didn’t know much about how my adult ER compatriots generally approached the issue. HIPAA is difficult to understand in its entirety and most healthcare professionals are apt to err on the side of providing no information rather than get in trouble for giving out information that they shouldn’t.

Keep in mind that the main crux of this law was also to give you the power to always view your medical information. A hospital or medical provider cannot keep your records from you. Even if you are in the hospital– you should be able to ask to see documents. What the hospital may do is have a representative sit with you to “watch” you so 1. you don’t tamper with the record and 2. they can explain the medical lingo.

Unfortunately, some places make it challenging for patients to get their information. You should absolutely have to sign a medical release form. But after that, I’ve known of hospitals to state it can be up to two weeks or more for records and that they may charge you for the copying of each page. That can be frustrating experiences for families.

Pertaining to this author’s question– come to find out through a little research for said author, that HIPAA does allow for discussions with law enforcement personnel.

Here is the particular section that pertained directly to the authors question from this link:

Law Enforcement Purposes. Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official’s request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death; (5) when a covered entity believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.34

Just goes to show you what you can learn whilst doing some research!

Author Beware: The Law– HIPAA (3/3)

Today, I’m concluding my three-part series on the HIPAA law. I’m going to focus on how I’ve seen it violated in published works of fiction.

Image by Neven Divkovic from Pixabay

Situation 1: A hard-nosed journalist makes entry into the hospital and begins asking the staff about a current patient. One nurse pulls him aside and gives him the information. This is a clear violation of HIPAA. All media requests will go through the public relations office. For any information to be released, the patient needs to give their permission.

Situation 2: A nurse on duty calls her friend and notifies her that another victim involved in a crime spree, that her sister was a victim of, is an inpatient at her hospital. Again, unless that person has provided direct care to the patient or the patient gives their consent for the information to be released, the nurse is in violation of HIPAA. However, the author of this particular manuscript handled it well. At least she had the character divulge that she could get in “big trouble” if upper management found out what she’d done. Think back to Brittney Spears in Part One of this series.

Situation 3: A small town high school mascot falls ill on the field during a football game and is rushed to the hospital. A paramedic takes him to the ER. When the paramedic’s wife arrives, she inquires about his condition. The paramedic/husband tells her what the doctors found. Again, the wife is not providing direct medical care to the patient. This paramedic has violated the patient’s HIPAA rights by divulging this information to his spouse. Now, I understand, in small towns– this information may “leak out”. A better way for the author to have handled this would have been to have the wife of the fallen mascot tell this woman what his diagnosis was. HIPAA doesn’t apply to family members and they can willingly share information with who they wish. That may not make the patient very happy— ahh . . . another area of conflict!

Have you seen HIPAA violations in works of fiction that you’ve read?

Author Beware: The Law– HIPAA (Part 2/3)

Situations involving minors can be an easy way to increase conflict in your manuscript. Here is an easy area to use.

Minors presenting to the ED for evaluation of a pregnancy or STD related complaint.

Here’s a set-up. Mother brings her 14 y/o daughter in to “get checked for pregnancy”. Okay, great. Already we have inherent conflict. After all, if the daughter was in agreement about allowing her mother to know this information, they could have done a home pregnancy test and matter solved.

At times, parents will bring their children to the ER thinking that, because they’ve signed them in as a patient and they’re the parent, we’ll have to do as they ask and they’ll learn the information that way.

This isn’t the case. Will we do the pregnancy test? Maybe. The patient has to be willing. Will we relay the pregnancy test results to the parent? If the 14 y/o patient says “no” then we will not.

Most states have laws surrounding minors and issues related to pregnancy or STD’s is protected information and can only be released to the patient. Depending on the state, the cut-off is 13 or 14 years. This is different from us giving information about a follow-up culture for strep throat.

I’ve had parents call back for these types of test results. Nope, can’t give you the information.

Another area is that minor patients can sign themselves into the ER without parental consent for these matters as well. Generally, for all other conditions, we have to make attempts to get the parent on the phone for verbal consent witnessed by two individuals.

What do we do?

As healthcare providers, we really do try and facilitate open dialogue between the parent and child. We’ll sit with the 14 y/o daughter privately and go over why it would be best for her to share this information, regardless of the results, with an adult.

Can you think of other healthcare situations involving minors that could be high areas of conflict?

Author Beware: The Law– HIPAA (Part 1/3)

Several months ago, I was watching a local TV news station when a nurse manager was being interviewed about the fact that you could look up ER wait times on the Internet before checking in. That’s a whole other can of worms I won’t get into today but the problem with her interview was that the camera shot included her standing next to their patient tracking board in which you could clearly see the last name of the patient, their age, and their medical complaint.

Stock Photo by Sean Locke
http://www.digitalplanetdesign.com

I almost fell out of my chair. This was a clear HIPAA violation and that ER manager should have known better than to be standing anywhere near that board.

Each time you visit the doctor’s office or sign into the urgent care or emergency department for treatment, you should be given a paper that outlines your rights under HIPAA which stands for the Health Insurance Portability and Accountability Act. It basically outlines rules on how to deal with a patient’s “protected health information” or PHI.

What this boils down to for the bedside clinical worker falls into a couple of areas and I’ll give some examples below.

1. I should be providing direct care to a patient or should have provided recent care in order to look up their chart. Some of you may remember the healthcare workers that were fired for accessing Brittney Spears medical information. They were likely fired under this provision.

2. I can’t share any specific information (name–never, age, and complaint) listed together in areas where other’s could become aware of the patient’s visit. This would include areas like social media (a big no-no). When cases are presented at medical conferences, generally all patient information is blacked out (say on x-rays). And the patient is only spoken of in general terms. Such as: 16y/o presented to the ER for evaluation of neck pain. Now, across the USA for one day, probably several patients presented with this complaint so how do you know which one it was?

3. I shouldn’t be sharing patient information with my spouse unless he has provided direct care to the patient as well. Therefore, since my husband is an accountant, I can’t say— “Oh, by the way our neighbor’s daughter was seen for a broken arm today in the ER.” Unless I’ve asked the mother specifically if it’s all right that I mention this to my husband, I have violated that patient’s rights by sharing that information with my spouse. Working in pediatrics, I’ve been in the situation often and don’t mention the visit at all when home.

4. Requests for information about a patient from the media generally go through the public relation’s office. This tends to happen more off hours, a reporter will get through to the ER desk and begin to ask questions. Most, if not all hospitals, are very firm that all media inquiries go through public relations. This allows them to control the message.

5. Patient information cannot be given over the phone unless specified by permission. This is why, when you fill out those HIPAA forms at your doctor’s office, they generally ask who they can talk to and what kind of information they can share. Perhaps you don’t want your husband to know why you were at the OB’s office. A caveat to this is giving information to your personal physician who is following up on your ER complaint. We will generally give specifics for this because they are providing your follow-up care.

Next post I’ll talk specifically about HIPAA and minors.