The trusted source for
healthcare information and
Safeguard protected health information
CMSA, AAOHN offer guidance
Regardless of their practice setting, case managers need to take steps to maintain the confidentiality of protected health information under the Health Insurance Portability and Accountabi-lity Act (HIPAA) of 1996.
"Confidentiality of a client’s protected health information is a professional obligation of nurse case managers to ensure public trust and prevent unauthorized and inappropriate disclosure," says Jeanne Boling, executive director of the Case Management Society of America (CMSA), with headquarters in Little Rock, AR.
CMSA and the American Association of Occupational Health Nurses Inc. (AAOHN) joined together to offer guidance to case managers and occupational environmental health nurses in protecting their employees’ and clients’ privacy rights.
The joint position paper addresses the privacy, legal, and ethical issues affecting case managers and occupational and environmental health nurses in all practice settings.
The document outlines specific steps that nurse case managers and occupational and environmental health nurses can take to ensure the proper handling of personal health information. They include:
Organizations that are directly affected by HIPAA, called "covered entities" under the law, are health plans, health care providers, health care clearinghouses, and business associates of covered entities. This includes companies that help covered entities with treatment, payment, or health care operations, or contract with nurse case managers.
For instance, if a nurse case manager is working as an independent third party and engaged in treatment, payment, or health care operations for or on behalf of a covered entity, a business association relationship is created and the case manager is required to protect clients’ health information under the rules applicable to the covered entity, Boling points out.
"The passage of the 1996 Health Insurance Portability and Accountability Act has validated the nurse’s obligation to maintain confidentiality of health information," she adds.
There are some exceptions in which a covered entity does not have to get the individual’s permission to disclose protected health information:
In all other situations, HIPAA mandates that covered entities obtain written authorization from an individual before disclosing protected health information, the paper states.
[A copy of the position paper is available at www.cmsa.org.]