HIPAA & Confidentiality

GOAL: To understand the volunteer’s responsibility as it relates to HIPAA and confidentiality.

OBJECTIVES: Upon completion of this session, the participant should be able to:

  • Identify HIPAA as federal legislation enacted which helps to protect an individual’s medical record.
  • Understand how HIPAA guides the use of Personal Health Information (PHI) as it relates to Treatment, Payment, and Healthcare Operations (TPO).
  • Verbalize the need to uphold patient confidentiality at all times.

Understanding HIPAA
HIPAA stands for Health Insurance Portability and Accountability Act. It is federal legislation which was passed in 1996 to establish national standards for electronic health care transactions and to address the security and privacy of health data. HIPAA is meant to improve the efficiency and effectiveness of the nation's health care system. Learn more about HIPAA.

HIPAA Privacy Practices
As part of HIPAA, each healthcare provider is obligated to provide a copy of its Privacy Practices to its clients. This document outlines how the healthcare provider uses the patient’s Personal Healthcare Information (PHI).

  • The philosophy behind HIPAA’s privacy policy is that healthcare information belongs to the individual. It is the responsibility of the healthcare provider to safeguard that information.
  • HIPAA allows for health information to be used for Treatment, Payment, and Healthcare Operations (TPO).
  • The “Need to Know” rule under HIPAA defines that information should only be shared with those who need to know it to enable Treatment, Payment or Healthcare Operations. Because volunteer services are part of a patient’s care plan, HHHC may share health information with you under the category of Treatment.
  • The “Minimum Necessary” rule under HIPAA states that in any situation we should share the minimum amount of information necessary to accomplish the needed task. As a volunteer, you are given the information necessary to fulfill your assignment, but you do not know everything about the patient’s record.

Please take time to review the Privacy Practice that is given to new Home Health & Hospice Care clients upon admission.

I understand that I am responsible for complying with the privacy and security standards relating to HIPAA. The notice of proper practice and related articles were provided to me. I will treat all information received in the course of my employment with HHHC, which relates to the patients of the Agency, as confidential and privileged information. I will not access patient information in either print or electronic format unless I have a need to know this information in order to perform my job. I will not disclose information regarding the Agency’s patients to any person or entity other than as necessary to perform my job and as permitted under the HIPAA policies.

Guidelines for Safeguarding Information
As a volunteer, you can help safeguard patient information by being aware of how it is shared.

  • If you are talking about a patient (on the phone or in person), be aware of who might be around to overhear your conversation.
  • HHHC’s telephone voicemail system is a secure system. You may leave detailed patient information on the voicemail line of the Volunteer Coordinator or another hospice team member.
  • Your voicemail (home, work or cellphone) is not considered “secure”, so the volunteer coordinator will not leave patient information in a message for you. You will be asked to call back for more information.
  • The Internet is also not a “secure” environment, so patient information may not be shared in email. However, you may email updates to the volunteer coordinator that do not include any identifying information, i.e. “The patient I visit on Thursdays…”
  • If you are working in the Community Hospice House or any other environment, be careful not to leave written information out where it might be seen by others.
  • Safeguard any information you write down regarding your assignment. When the assignment is complete, please bring the information in to HHHC to be shredded.

Patient/client confidentiality is critical to the work at HHHC and must be respected at all times. Patient/client information should never be casually or informally shared with anyone inside or outside HHHC. Patient/client records must be kept secured and locked unless being used by staff or a "home chart" has been instituted. Needed information should only be shared to:

  • Ensure an effective and appropriate care plan is formulated, updated, and carried out by the care team. This team is comprised of HHHC staff directly involved in the patient's care, including "on call" and supervisory staff, the patient's physician, and may include outside providers.
  • Ensure patient/client and staff safety. When there is a potential threat to the welfare of a patient/client, or others, or a question of abuse, Agency policy and legal regulations will be followed.
  • Ensure that proper billing and reimbursement occurs.
  • Ensure that the Agency’s standards of quality and risk management are maintained.
    Referral information outside the care team may be made only with the patient/client's prior written permission.


Additional Links