The U.S DHHS case I chose explored the protection of confidential information for covered entities. The case falls under the HIPAA regulations as part of securing protected health information from third party access. In this case, an employee failed to observe the need for privacy when she left a message with a patient’s family member. This message detailed the patient’s treatment plan as well as medical condition. Further investigations revealed that the employee did not follow confidential communication requirements as outlined by the facility (HHS, 2016).
As part of the breach resolution, the facility drafted new procedures governing disclosure agreements. The hospital, for instance, required that workers issue minimum information given telephone content. Also, employees would undertake a training to offer direction on the extent to which they can communicate with their patients. Finally, it was necessary for them to review their patient’s contact directives before making phone calls. These procedures would fall under the privacy policy training as a mandatory aspect of protecting patient health information (PHI) (HHS, 2016).
The nurse administrator can follow this facility’s example and use the following approach to avoid such a situation. First, they should install mechanisms that respect the patient’s need for privacy. Part of this directive would be the need to collect additional information from the patient during admission that consider contact directives (AHRQ, 2016). Second, they should train their nursing staff to protect PHI form third party recipients. This aspect advices that they insist on physical contact during information disclosures. Finally, it is ideal to minimize the amount of information offered to family members concerning PHI. The idea here is that patient privacy is at its best under the hospital’s jurisdiction as opposed to the third party (HRSA, 2016).
References
AHRQ. (2016). Health Information Exchange Policy Issues. Retrieved from Agency for Healthcare Research and Quality: https://healthit.ahrq.gov/key-topics/health-information-exchange-policy-issues
HHS. (2016). All Case Examples: Hospital Implements New Minimum Necessary Polices for Telephone Messages. Retrieved from U.S. Department of Health & Human Services: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/all-cases/index.html
HRSA. (2016). How Do I Ensure Security in Our System? Retrieved from Health Resources and Services Administration: http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/SecurityAndPrivacyIssues/howdoiensuresec.html
