Can You Keep a Secret? - a nurse's responsibility to protect a patient's privacy - Industry Trend or Event

Health Management Technology, June, 2001 by Leah Curtin, Roy L. Simpson

Nurses play a key role in ensuring the security of patient data.

As a young woman, I can clearly remember the sequence of events following the birth of my third child. I had been ill throughout the pregnancy, and following my return home after Chris' birth, I hemorrhaged several times--and suffered a recurrence of the severe abdominal pain I had experienced during the pregnancy. As it turned out, I had lodged gallstones and an icterus index that was off the scales. Thus I was hospitalized for several days prior to gall bladder surgery, complete with a drain in the common duct.

At discharge, I was asked many questions among which were: 1) How many children do you have at home? (Answer: three under the age of 4); 2) Do you have help at home? (Answer: no); 3) Do you have any family members who can help you? (Answer: no); 4) Can you afford to hire someone to help you? (Answer: no); 5) What is your household income? (I told them.) And so on--all of which went into my permanent record that was transferred to my OB/GYN, to my family physician and to all of their staff.

Brat the upshot of all of this form-filling and questioning was nothing whatsoever, other than an unjustified and unproductive intrusion into personal facts about my family.

What's the Point?

Other than asking questions, no one did anything: no referrals, no help, and, in fact, no follow-up whatsoever. It was just more information gathered, filed and kept for folks to look into if, for any reason, they were interested. Some of my classmates read about it. One of my neighbors, whose relative worked in one of the doctor's offices heard about it. In fact, any number of staff knew--and visited and commiserated with me. You see, I had been on staff in that hospital for three years.

Today such intrusions and such liberal "sharing," no longer will be tolerated. The Health Insurance Portability and Accountability Act (HIPAA) mandates the implementation of strong policies and procedures to insure the confidentiality of patient health data. While few would argue the importance of HIPAA's mandates, these mandates do pose a dilemma: How can organizations implement procedures that protect patient privacy but don't obstruct patient care--especially in view of the coordination of efforts and the sharing of information that is so integral to good patient care and seamless post-discharge care?

Nurses' Key Role

As originators, managers and users of patient data, nurses can--and should--play a key role in resolving this dilemma. For example, nurses know exactly what data is needed--and the operative word here is needed--to ensure safe nursing care delivery. So why shouldn't nursing--rather than the CIO--suggest and implement procedures that allow staff to see information only on patients currently assigned to their duty station?

In addition, nursing should evaluate the systems it uses to make sure they include:

* Encryption software for any health data transmitted over the Internet.

* Authentication to validate the identities of senders and receivers of information.

* Authorization (e.g., unique user IDs and passwords) to ensure the right access to the right data by the right people.

* Audit trails to track who accessed what information.

HIPAA compliance will be a reality soon enough. When it is, keeping data secure may not be nursing's primary job, but it will definitely be everyone's problem. By helping solve this problem, nursing can further confirm its contribution to both healthcare and the healthcare IT bottom line.

Leah Curtin, RN, ScD (h), FAAN, is editor-in-chief of CurtinCalls, an irreverent, fact-filled scan of nursing and healthcare, Cincinnati, OH. Roy L. Simpson, RN, FNAP, FAAN, is vice president of Cerner Corp., Kansas City, MO.