HIPAA regulations for nursing homes

A San Francisco healthcare facility is in big trouble. Laguna Honda Hospital, a public, city-run facility that serves as a live-in hospital, nursing home, and rehabilitation center for 780 patients, has already paid out $780,000 in fines, and it may get hit with even more penalties. Why?

For more than two years, employees violated the privacy of patients living in the facility’s dementia ward. Staff members would verbally and physically abuse patients and send pictures of the incidents to other employees.

This shocking discovery caused a PR disaster for Laguna Honda. It also led to an official investigation into the healthcare system and possible criminal charges for the staff.

Disregarding a patient’s right to privacy can land a nursing home or other healthcare facility in serious legal trouble. What privacy standards should your business follow? Do you need to comply with HIPAA regulations? Let’s find out.

Are nursing homes covered under HIPAA?

It depends. In order for HIPAA rules to apply to a nursing home, the facility would have to be deemed a covered entity or a business associate. How do you know if your organization falls under one of these classifications?

HIPAA covered entities include:

  • Most healthcare providers
  • Healthcare clearinghouses
  • Health plans

Most nursing homes tend to fall under healthcare providers, especially if they conduct business electronically, like billing a patient’s insurance company. There are some independent senior care facilities that may not be considered a covered entity. It all hinges on what type of facility it is and the healthcare services it provides.

Nursing homes also have to follow HIPAA rules if they are a business associate of a covered entity. A business associate provides services for a covered entity, and those services require the use of protected health information (PHI).

Even nursing homes that don’t fall under HIPAA regulations need to protect patient privacy because it’s the ethical thing to do. What can happen if your healthcare organization doesn’t respect patient privacy?

Here’s another example. A nursing assistant who worked at a nursing home took a video of a dementia patient in a bathroom and sent it to a friend. She lost her professional license for the violation and later faced criminal charges. The nursing home was fined $7,800 for the incident.

How can you protect your patients and follow HIPAA regulations? 


Protecting your patients takes commitment to legal compliance

Keeping your patients’ health information secure and private requires hard work. HIPAA guidelines can help you guard your clients’ protected health information and prevent serious legal problems. Here are some basic HIPAA standards you can use to ensure your patients’ health information is safe:

  • Put policies in place to protect your patients’ protected health information. These policies should address both the physical and electronic risks to your clients’ information. For instance, electronic devices that send PHI should have end-to-end encryption, and physical records should always be stored in a locked cabinet. 
  • Follow your state’s privacy laws. Some states have stricter requirements for nursing homes than HIPAA does. Understanding your state’s privacy laws can keep you from violating these regulations.  
  • Train your staff on HIPAA compliance. Conduct regular training sessions with your employees so they understand how to comply with your privacy policies.   
  • Appoint a HIPAA compliance officer. This officer should stay up to date on HIPAA regulations and your state’s privacy laws. They also need to ensure facility policies are consistent with HIPAA guidelines. 
  • Dispose of patient information correctly. Physical records should be shredded or burned, while electronic records can be purged by exposing the data to a strong magnetic field or cleared by using software or hardware to overwrite it with non-sensitive information.
  • Get written permission before you display patient information. Some nursing homes display a patient’s name outside their room so that visitors can find them. Before putting a patient’s name up, you should get permission from either the individual or their legal representative.  
  • Go through the proper legal channels for releasing protected health information after a patient dies. Release this information only to those who are legally authorized to act on behalf of the deceased individual or their estate.    

Keeping your patients’ protected health information secure protects your business and your clients. It helps your organization avoid expensive fines and protect its reputation. HIPAA compliance also ensures that your patients’ private information stays private.

Keeping data safe helps you provide the best care possible

Nursing homes have a huge responsibility. They need to provide exceptional care to people with a variety of problems. Respecting your patients’ right to privacy and the need for secure data makes it easier to help them all.

There’s more to HIPAA compliance than a list of policies. You also need technical safeguards. Give your patients a seamless experience while protecting their information with JotForm’s HIPAA-compliant forms.

Firm believer in personal data privacy in the age of information. Close follower of the new regulations concerning patient confidentiality & HIPAA.
