REF: NEW REGULATIONS TO SECURE HEALTH INFORMATION AND PROTECT PATIENT PRIVACY
Hello. I hope this memo finds you in perfect health. I would like to bring to your attention the following changes to DHHS’s HIPAA regulatory requirements. Also highlighted are some of the subsequent internal policy changes as well as their influence on nursing practice and patient care.
New Regulatory Requirement
The DHHS has strengthened its regulations on the need for enhanced privacy and security for protected health information (PHI). This move works in line with the Health Insurance Portability and Accountability Act (HIPAA) 1996. The revision, therefore, addresses the following key pointers.
First, in the revision, there is a great enhancement of patient privacy protection. This correction directs that health care providers acknowledge the patient’s right to personal information. It also strengthens the DHHS’s ability to enforce and implement the regulations. Such changes come as the HHS takes note of the rampant changes in health care since the initial HIPAA enactment. According to Secretary Sebelius, the new rules would protect and safeguard PHI from the security risks that come with the digital age (HHS, 2013).
Second, DHHS recognizes the need to exercise greater control of PHI past the traditional users. The HHS department noted that the traditional HIPAA regulations only concentrated on healthcare providers and insurance claim processes. However, the new regulations extend to secondary and tertiary business entities that have access to PHI. The department has set the penalty for non-compliance and negligence at a maximum limit of USD 1.5 million for every given violation (HHS, 2013).
Third, under these regulations, patients have a right to access their health records in electronic formats. Also, the out-of-pocket payers have a right to protection from their insurance providers. That is, they can instruct physicians not to share their treatment plans with their insurance companies. This omnibus depicts a dawn of new regulations that limit’s PHI usage and disclosure to third parties without the patient’s permission (HHS, 2013).
The final aspect streamlines the patient’s ability to authorize the utilization of their PHI for health research. In this capacity, individuals have the permission to offer their PHI to researchers in light with educational advancement. The rule also facilitates a primary caregiver’s ability to share their patient’s health information with research institutions for study purposes. For instance, parents can now permit or disallow the use of their child’s PHI in schools and health research facilities (HHS, 2013).
Internal Policy Changes
That said, there will be changes to our internal policies to address existing and new regulatory requirements. These changes would reflect administrative, physical and technical safeguards as follows. The administrative policy changes would include procedures that can address the security, confidentiality, and privacy of patient’s PHI. Viable changes under this label include the identification of relevant HITs, routine risk assessments, the acquisition of HITs, and the development of sanctions policies (HRSA, 2016).
Physical safeguards would touch on policies that address audit and access controls, integrity, transmission, and authentication. The need for access control looks into the use of user ID protocols, logoffs, and encryption mechanisms. Audit controls entail conducting regular surveillance on activities in systems that contain and transmit PHI. Third, integrity encompasses the need to protect PHI from unauthorized access and alteration. Finally, entity authentication considers the verification of sincerity and integrity of secondary users seeking access to PHI. Lastly, physical safeguards would involve changing policies established to physically care for PHI and HITs. For instance, it is vital to implement limited access to facilities and office spaces that house HITs. Second, I recommend the appropriate utilization of workstations for users with unlimited access to PHI (HRSA, 2016).
The influence of Requirements on Nursing Procedures
These requirements urge an active transition towards patient-centeredness in nursing practice. They act as a wake-up call to excite the following influences on nursing procedures. First, the regulations will spark our nurses’ interest in patient advocacy. Second, the move demonstrates the nurse’s active role in the protection of PHI. Third, the regulatory measures explain to nurses what they need to know concerning PHI, HIPAA, and HITECH. Third, the procedures explain the importance of protecting PHI to nurses as the primary users of such information (Berghout, Exel, Leensvaart, and Cramm, 2015).
Therefore, the regulation, as well as policy changes, would have the nurse assume an active advocacy role. Given this capacity, they will advance the patient’s right to information by educating them as well as preventing unauthorized access to PHI. Advocacy further encompasses the provision of additional information for patients who wish to access, edit, and share their PHI with a third party. Finally, the nurse would defend their patient’s rights to information protection by criticizing against activities that endanger and conflict with the new regulations. For instance, it is a nurse’s duty to protect out-of-pocket payers from premature disclosure of payment information to health insurance organizations (Kerridge, 2012).
Influence on Patient Care
As stated above, the new regulations call for a transition from physician-centered to patient-centered care. In essence, patients are now assuming active roles in determining the fate of their PHI. However, the organization should encourage its primary users of PHI to act as patient advisors in roles that limit unauthorized access to crucial information. That said, nursing education will increasingly become a key initiative in educating patients on effective data management. At the organizational level, it is vital for nurses to act influencers in helping patients understand the importance of privacy and confidentiality when it comes to HITs (Berghout et al., 2015).
Eventually, the influence of these new regulations is to find an effective use of personal information for the advancement of healthcare practices. That is, the organization realizes that the government, through the DHHS, has the mandate of prioritizing patient welfare. The HIPAA regulations, therefore, ensure that HCPs and business entities offer their best initiatives in the protection of PHI. In such environments, there would be an enhanced need to monitor access and utilization of PHI, thus advancing the quality of service delivery in patient care (Berghout et al., 2015).
How to implement Policy Changes
Now, there exist three basic steps to successful changes concerning these new regulations in the organization as follows. The first step would be to identify and treat any barriers to successful policy transformation. Barriers, in this case, include individual health care workers and limited technological resources. Through careful consideration, it would be possible to establish a customized approach to help in overcoming such barriers and encouraging changes (Kerridge, 2012).
The next step involves identifying and using change managers to offer guidance, awareness, and knowledge on the changes required in accordance with HHS’s regulations. Kerridge (2012) demonstrates that HCPs are often ignorant of updated guidelines on the need for procedural transformation. Also, they could be unaware of the penalties and grave consequences involved in a delayed change as per HHS’s requirements. Therefore, change managers would prove a crucial resource for driving change and implementing the new policies (Kerridge, 2012).
The last step will involve motivation and acceptance as a primary concept to a successful transition. As the final part of the change process, this step uses internal and external motivators to drive successful policy implementation. Such aspects include self-motivation, goal setting, and rewards/penalties for routine management. This step would ensure that all change agents collaborate in altering the perceptions of nurses and other healthcare workers towards complying with the new policies (Kerridge, 2012).
It is my hope that everyone treats the contents of this memorandum with the seriousness it deserves.
[Jane Doe]
Chief Nursing Officer
References
Berghout, M., Exel, J., Leensvaart, L., & Cramm, J. (2015). Healthcare professionals’ views on patient-centered care in hospitals. BMC Health Services Research, 15 (385). doi:10.1186/s12913-015-1049-z
HHS. (2013, January 17). New rule protects patient privacy, secures health information. Retrieved from U.S. Department of Health & Human Services: http://www.hhs.gov/about/news/2013/01/17/new-rule-protects-patient-privacy-secures-health-information.html
HRSA. (2016). How Do I Ensure Security in Our System? Retrieved from Health Resources and Services Administration: http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/SecurityAndPrivacyIssues/howdoiensuresec.html
Kerridge, J. (2012). Leading change: 1: identifying the issue. Nursing Times Journal, 108 (4), 12-15.
