HIPAA - Health Insurance Portability and Accountability Act of 1996
Federal Laws Affecting Certified Nurse-Midwifery
When viewing this article, you may have the urge to skip it altogether and I can relate to your motivation. Anyone who has practiced or been employed in healthcare since 2003, has been thoroughly indoctrinated in HIPAA and what it represents. Either as a patient, or as a provider, HIPAA blurs our vision with its complex, legislative demands and potential penalties if we falter. Without delving too deeply into its complexities or inducing catatonia, the basics of HIPAA do deserve review in order to remind us all of the importance of this legislation and its relevance to midwifery practice.
Rojan Maharjan
HIPAA and Midwifery Practice
Close your eyes and repeat after me: “The federal law that controls privacy and security of our protected health information is codified in HIPAA.” Most of us are unaware that the original purpose behind the Statute was to set standards for the transmission of electronic health data and to allow average humans to transfer and continue their health insurance after changing or losing their jobs.
Before 2003, there were not any privacy standards for an individual’s health information under HIPPA. Any protections that existed could be found in State laws. To give it a little more teeth, the Department of Health and Human Services issued three rules: 1. The HIPAA Privacy Rule. 2. The HIPAA Security Rule. 3. The HIPPA Enforcement Rule. The Privacy Rule is the one we are most familiar with. It confers individual rights to covered entities regarding personal and private health information (PHI). The Security Rule establishes national standards to protect individuals’ health information. It requires administrative, physical, and technical safeguards to protect electronic health information. Enforcement addresses compliance, investigations, and the crafting of suitable penalties for wrong-doers.
unsplash-imaage
CNMs/CMs are NOT Covered Entities . . .?
In regard to being a “covered entity” under HIPAA, it is important for you to determine whether or not you are one. Under HIPAA, a CE (covered entity) is defined as a health plan, healthcare clearinghouse, or healthcare provider, “as long as that provider transmits health information in electronic form in connection with a transaction, such as authorizations for treatment, etc.” Health care providers that are paid to provide healthcare such as doctors, dentists, hospitals, nursing homes, pharmacies, urgent care clinics, and anyone else that provides healthcare in exchange for payment, are considered covered entities. However, the statute is silent in regard to advanced practice clinicians who may run their own clinics and receive payment.
Reasonable interpretation would suggest that independent nurse-midwives fall under the definition of health care providers who get paid to provide care. Following this reasoning, birth centers would also be considered as covered entities, similar to urgent care clinics.
Individual health care providers must comply with HIPAA only if they transmit health information electronically in connection with covered transactions. Most providers transmit information electronically to carry out functions such as processing claims and receiving payment (coding). Therefore, most providers are covered under HIPAA[1]
b Denis Oliviera
Independent Nurse-Midwives and HIPAA
What about certified nurse-midwives who are hospital employees? They are NOT considered covered entities under HIPAA, but they may still be fined for violating the rules. The Office of Civil Rights may impose a penalty of $100.00 per violation of the statute when an employee was unaware she was violating HIPAA rules, up to a maximum of $25,000.00 for repeat violators. In cases of reasonable cause, fines can rise to $1000.00 per violation with a maximum of $100,000.00 for repeat violators. If the violation is considered willful neglect, the fine is $10,000.00 up to $250,000.00 for repeat violators.
Larry Farr
Willful neglect with no correction carries a $60,000.00 penalty per violation, up to $1,500,000.00 for repeat violators. So, HIPAA is no joke.
Penalties and HIPAA
In conjunction with criminal charges, penalties can also be filed when HIPAA rules are violated under: false pretenses, acquiring stolen health information with the intent to sell it, or other mayhem involving intent to inflict malicious harm. Chances are that any CNM privacy violations under HIPAA would be unintentional and rapidly corrected. Research has revealed it to be quite difficult to suffer penalties for unintentional, minor violations. As a certified nurse-midwife, there is always a minute chance of a money penalty, but a future crocheting place mats in federal prison is unlikely.
Edwin Chen
Is HIPAA Even Relevant to CNM Practice?
HIPAA is relevant to your practice. If you have not thoroughly memorized all the possible ways to violate HIPAA, there is a compliance officer at your institution that can answer any questions regarding violations.
We all know the nurses-gossiping-in-the-elevator stories. One thing to remember is: if you are talking about a patient in the elevator, bathroom, break room, or other public place, and in the course of the discussion you are dropping random patient demographics, you are in violation. The name of the patient is not required in this instance. Details that may lead to a patient’s identity are all that is required to violate the statute. This goes for in-person, written, and electronic/cell-phone communications, as well.
One last bit of information regarding HIPAA: There is no private cause of action under the Statute. This means that an individual cannot personally sue a covered entity under HIPAA. If your own private health information is illegally accessed and exploited, you do not have personal recourse other than some satisfaction that the violator will be fined or jailed. All money collected from HIPAA violations goes directly to the United States Treasury.
1. Health Privacy: HIPAA Basics. Privacy Rights Clearinghouse. https://privacy rights.org/consumer-guides/health-privacy-hipaa-basics.
http://www.midwivesontrial.com