A Case of Nurse’s breach of Patient Confidentiality

Most of the healthcare professionals are conscious about HIPAA, and of course conscientious about patients’ rights to complete confidentiality. And the healthcare industry has adopted the best practice of annual HIPAA training processes to cover the new workforce members and periodic refreshers for all employees.

So far so good. However, there are times when the common sense and the training would test the boundaries of obligations that need to be shouldered by the health providers. A recently reported court case should serve as an example of how far-reaching these obligations have gone. Medical legal expert, Nancy J. Brent, MS, JD, RN described a rather bizarre situation that ended up penalizing a Hospital ICU nurse.

Most often we associate a PHI breach when a nurse is using messaging App or other text messaging system that is not encrypted or HPAA secured. Or, when a nurse shares patient information with a person who is not a member of the healthcare team or when a patient’s electronic medical record is accessed for a personal reason when a nurse is not providing care.

The nurse involved in this case was employed in the hospital’s ICU, and she remotely accessed patient census lists 11 times when not at work. The lists contained private health information, including patient names, ages, diagnoses, medications and other personal information.

When a supervisor discovered the nurse accessed the list, she was told her actions were in violation of the hospital “information security policies”. Although the nurse’s reason of checking the list was to determine ICU staffing and whether she would be required to work assigned shifts.

The nurse was disciplined, suspended, and the supervisor filed a complaint with state board. After a board investigation the nurse received the board notice for a hearing and the allegations against her, which involved breaching her duty to protect the patients’ confidentiality and privacy rights in violation of the state’s nurse practice act and administrative rules.

The State Board found the nurse’s conduct to be unethical

Here is the list of findings used by the board:

  • Accessed the patient lists for her own purpose to determine if she would work the next day or be placed on call.
  • Did not use information from the lists for any other purpose.
  • Did not share the information with anyone else.
  • Did not read any personal information on the lists.

The above list seems like ‘No harm, no foul’, right? Wrong! Even though it seems as if the nurse did not seem to violate any patient’s health information rights, the board found the conduct to be unethical, based on the following points:

  • Was not authorized to access the lists from a remote location.
  • Did not need the information to perform her duties as an ICU nurse.

Fortunately for the nurse, the board believed the nurse did not understand her conduct was a violation of the patient confidentiality policy and the hospital determined the behavior was not a HIPAA breach, and hence they imposed the least severe sanction — a citation and a warning.

The nurse filed for a judicial review of the board’s ruling. The district court dismissed the nurse’s petition. The disciplined nurse appeals the decision and asked an appeals court to reverse the district court ruling.

The appellate court was very clear about the fact the board had the authority to discipline the nurse under the nurse practice act and its rules for unethical conduct. It also emphasized proof of actual injury (to a patient) need not be established.

The court opined that her conduct was a violation of hospital policies to protect patient confidentiality. Also, the court said she knew or should have known about those policies.

How to avoid a similar situation and outcome

The nurse in this case made an error in judgment in seeking out the ICU patient lists to determine her work schedule. Unfortunately, that error led to serious and costly ramifications.

In this case, the nurse could have simply asked permission to access the lists, or even more simply, called the ICU charge nurse to determine if she would be needed for her assigned shift.

Other Guidelines for Nurses

Upholding patient confidentiality policy is a fundamental obligation. Period.

Use the following guidelines:

  • Know your workplace patient confidentiality policy and adhere to it.
  • Know your HIPAA obligations and always use HIPAA-secured communication tool.
  • Remember any violation of your state’s nurse practice act and/or rules does not require patient injury.
  • Know what your nurse practice act, patient confidentiality policy and other rules about protecting patient privacy.
  • Know and adhere to ethical requirements governing patient confidentiality and privacy under the American Nurses Association’s Code of Ethics for Nurses with Interpretive Statements.
  • Even though a discipline might be the least severe, it is still a discipline that affects a nurse professionally

Unfortunately majority-of-providers-fail-to-fully-comply-with-HIPAA-right-of-access and face the risk of severe penalties. Although in this case the facility or the employer was not implicated, there could be legal liabilities for the supervisors and employers as well.

Legal Experts

Despite the high degree of attention on HIPAA, it is unfortunate that still majority-of-providers-fail-to-fully-comply-with-HIPAA-right-of-access. As learned from this case, ignorance is not an excuse to escape the penalties for violation – and those are becoming more severe.

Read more

Mobile Secure Communication Increases Patient Engagement

Patient engagement is an important theme discussed by many clinicians and hospital leaders. The healthcare industry is a competitive marketplace where patients have several choices about what doctors to see and what clinics to visit.

The term “patient engagement” itself is somewhat confusing and often misused, as it is used to describe everything from patient portals to social media to tech gadgets that enable patients to actively participate in their own health & wellness.

Unfortunately many organizations tend to view their patient portals and websites as both the ‘strategy’ and the ‘answer’ as a means to engaging patients in their own health outcomes. This is a problem as these options merely serve as passive roads that lead to where you want to reach. But without any additional ongoing, active triggers & motivations to activate the positive patient behavior, the roads would remain ‘the road not taken’ (pardon the pun at Robert Frost’s expense).

The right mobile communication tool can set a practice or a clinician apart from the rest. Such a tool would allow the patient to combine her knowledge, skills and willingness to manage her own health with the right interventions to nudge positive patient behavior and outcome.

Meet Buzz.

With Buzz, the days of faxing documents, looking through a rolodex, and playing phone tag through voicemails are over. Buzz is one integrated solution that allows the sharing of documents, text, and secure calls in a HIPAA compliant and completely secure manner. As a clinician your interests are caring for patients and families. This tool not only makes that easier, it makes it better.

Keeping patients and families engaged through a mobile platform is a no brainer. Buzz allows you to stay connected with patients throughout their care process, which improves engagement and patient satisfaction. It improves the integration of care by allowing communication amongst the care team—this too largely benefits patients as they receive better and more coordinated care. Simply put, more engaged patients leads to better outcomes.

Let’s dive in with some details.

A hospital admission entails three key processes: admission, hospital stay, and discharge.

Buzz benefits each of these in a different but meaningful way.

Admission

  • Integrating admission communication between physicians, charge nurses, and emergency department to floor hand-offs
  • Updating patients and families on reasons for admission, location in the hospital, and patient status
  • Communicating with specialists to obtain consultations through a mobile platform

Hospital Stay

  • Coordinating care between nurses, physicians, residents, physical and respiratory therapists, and all other members of the care team
  • Updating patient’s families on clinical progress and discharge planning
  • Improving hand-offs between hospitalists and better coordination amongst teaching teams

Discharge

  • Communicating with skilled-nursing facilities, care coordinators, and primary care physicians
  • Charting discharge documents and insurance authorization forms
  • Updating the family on discharge plans

With Buzz we strive to make life better for both clinicians and patients. Mobility is a reality in many other industries, and it is just about time that healthcare catch up through responsible, engaging, and secure technology.

Read more

When you can’t beat ‘em join ‘em

Recently, I attended a Rewards & Recognition gala in Boston, where many of our physician friends were present.  

During social hour and discussion, we talked about the topic that invariably creeps up in such groups.  It was about the growing physician work overload.  Everyone unanimously thought that the cause for this burden is both the information explosion (blame the Internet for this) as well as the need for comprehensive documentation (blame the lawyers!).  Although some of this is caused by the threat of frivolous malpractice lawsuits, a good part of the problem is compounded by the proliferation of digital tools (many of those in the healthcare are pretty bad mind you, but let’s leave that for another day).  

What? Another digital tool? No way!

I started explaining how you can’t really escape the current reality of the digital world and that there are many effective technology tools that save time, especially for repetitive or disruptive tasks that take the focus away from the main job at hand.  I also mentioned to the group that we recently launched a product that will help streamline many of the tasks they perform. One of the physicians quickly retorted, ‘What? Another digital tool? No way.’   I was taken aback by the visceral reaction, but in a way saw where he was coming from.

On the way home, I was still thinking about this apparent paradox.  It almost didn’t matter as to what the actual tool was supposed to do and whether it was any good or not.  The fact that it was a piece of technology was sufficient for it to be shunned.  Is it really the digital technology that are causing the issues or there are some other factors at play?  If you dig deeper, the problem seems to lie with the systems that are not designed to quickly adapt to the changing world.  A lot of burden comes from the fact that physicians have partly become data entry clerks.  

Unlike in the case of other professionals, say lawyers, they don’t get to push this overload in terms of time billed to their clients.  They have to get all this work done in their personal time, resulting in the staggering 2:1 ratio of documentation time vs patient encounters.  In some instances, the technology including both the hardware and software are slow or outdated (A case in point, my cardiologist wife had a really old, underpowered computer outfitted in her office with the disk space, RAM and the CPU speed well below the limits specified by their EHR system EPIC; causing frequent slowdowns, crashes and unexplained performance issues. This was never diagnosed or flagged by the IT support staff for a very long time, even though it was obvious that there was a problem. Unfortunately clinicians neither have the time or inclination to research such issues and would rather spend time on the patient care!)

We believe that there is a chance for some ‘digital shortcuts’ that physicians and other healthcare professionals can utilize to make their lives easier.  There are many repetitive tasks that could be automated with ‘productivity hacks’. Also, with effective collaborative tools information can be easily tagged, queried and accessed; thus, bringing the elusive-when-you-need-it-most bits of information at the clinicians’ fingertips. The digital revolution is no more a fad or gimmick and is here to stay.  Rather than fighting the ‘digital’, clinicians should rally to challenge and address the administrative and policy decisions that seem to miss the core reasons behind the excessive fatigue. 

Sandeep Shah

Read more

Getting Up, Close & Personal with E2EE

As a medical practitioner, you are constantly exposed to abbreviations. So let’s examine the one from the world of technology, E2EE. It stands for ‘End-to-end Encryption‘. End-to-end encryption is quickly becoming the de facto standard in communication between two or more parties. As an example, if you send a message via email or SMS, you as a sender form one of the ‘Ends’. The party intended to receive the message is the receiver or the other ‘End’. When the message travels from one end to the other end, it is encrypted. Let’s examine how this works in practice. Typically, you’d be using some software such as Skyscape’s Secure Medical Messenger, Buzz.

All messages sent through the Messenger are encrypted on the sender’s device and remain encrypted as they travel over the mobile network/Wi-Fi/Internet, through the cloud/web server, and on the way back to your chat partner (say a nurse or another physician). In other words, none of the networks or servers will have a clue what the two of you are chatting about.

How is it accomplished?

In order to E2EE work, it uses a concept of two keys – a public key and a private key. Every user of the software is assigned a public key and a private key. A public key, as the name suggests, is shared with anyone with whom you are going to communicate with. And conversely, the private key is known only by the user and typically resides only on the user’s device.

A message (which could be text, voice, image or any other kind of data) can only be viewed on either the device of the sender (using the public key + the sender’s private key) or the recipient (using the public key + the recipient’s private key).

Step-by-Step

Let’s break down the process in steps:

STEP 1. Two keys, public and private are generated when a user opens the Secure Medical Messenger app for the first time. The encryption process takes place on your phone.

The private key remains with the user on the phone. The public key is transmitted through the server to the receiver.

The pubic key encrypts the sender’s message on the phone even before it reaches the server.

The server is only used to transmit the encrypted message. Only the receiver’s private key can unlock the message. No third-party including developers can read the message.

What can You Encrypt?

Anything. Really. Chat messages, files or PHI data transfers (health records, images, reports, EKGs and videos sent between hospitals, remote clinics and providers), even live phone conversation.

In the medical context, it is imperative as HIPAA regulations demand that any information that includes patients’ identity should be protected in such a manner. Skyscape’s BUZZ, which is a HIPAA-secure messenger, has been built around this principle. The level of security is akin to what you have come to expect from your banking or other apps that require highly degree of security. Military-grade encryption is virtually impossible to crack as it uses 256-bit keys that generate 2^256 possible combinations. There are no supercomputers yet that can crack such a key within a reasonable amount of time.

Read more

Physician Burnout: Causes, Effects and Remedies

Physician burnout is an epidemic prevailing today in the medical profession. A study shows that on anaverage 1 in 3 US doctors at any given time suffer from physician burnout. Recent survey in the US shows that physician burnout rates are higher than 50%. These revelations demonstrate that doctors are facing extreme work pressures which is leading to burnout.

Read more

What does End-to-End Encryption mean (and why should you care?)

OK… now we have all heard about end-to-end encryption. What does that really mean? And why should you as a clinician be concerned about it.

What are these ‘ends’ in end-to-end?

When they refer to end-to-end, the two ends refer to the sender and the receiver. Let’s say you are want to convey some important piece of information to your colleague. So you are the ‘sender’ and the colleague is the ‘receiver’. The transfer of information could be verbal, by gestures or even some electronic form such as via telephone, or in the modern days by text messaging, email or some other form of communication. The last few channels of information is digital and travels from one device to the either over the Internet or the cellular service.

Keep it to yourself, buddy

Let’s say that the information you are providing to your colleague needs to be confidential. This is where you would employ different tactics depending upon whether you are talking in a private space (you would not be too concerned about someone overhearing your conversation), or in a corner of the conference room where there are other folks (you might use a soft voice and use gestures to make sure no one hears what you are saying), or on the phone (you will ask your colleague if the call is on the speaker phone or there is anyone in the vicinity who could to listen the conversation).

But none of these methods could be foolproof because someone could snooping in your conversation (by lip reading or by tapping the phone line).

This is where the Encryption comes into play.

Encryption – It’s All Greek to me!

So in the above example, the two parties might take precaution to exclude others from the conversation (some of my Chinese friends don’t bother about talking in soft voice even in the presence of a bunch of others, they just switch to Mandarin!) there are problems when you have to be physically separated from each other.

The electronic bits that represent the conversation need to travel and someone with enough technical chops could intercept these bits and piece together the ‘confidential’ information that you were eager to pass on!

So this is where the Mandarin trick comes into play. Well, sort of (don’t worry, we are not planning to send the two ‘ends’ to the language lessons). The idea is that you expect that some people could hear you talk. And you would want to make sure that they don’t understand what you are saying.

Now you will question that in a small setting you could know that no one understands Mandarin, but when surrounded by a larger crowd you can’t be absolutely sure that no one would understand you. You’re right, it’s a sensible observation!

And yet, this is the theme that forms the basis of how we can solve the problem of preventing others from snooping on your conversation. Or rather preventing them from understanding what they are ‘snooping’. Essentially, just like my friends resort to Mandarin, we convert the information into temporary ‘language’. Thus anyone who tries to understand the intercepted information would just get the gibberish and cry, “it’s all Greek to me“! (Sorry to jump a whole continent in my analogies ?).

See the following figure:

This illustration shows four different conversations happening. In order to make sure that every pair in the conversation remains private from each other, the ‘language’ or the ‘gibberish’ has to be unique for each.

This process of generating gibberish from perfectly good information has a fancy, mathematical name – it’s called encryption (Ah.. yes, finally coming to the main point of this topic!) Encryption is the encoding of a message to the indecipherable sequence so that only the intended party can decode it. Technically, this gibberish is called ciphertext. Even if someone gets hold of this ciphertext, they won’t be able to access the original information. The receiving party decodes the original information by the reverse process of decryption (We will get into the details of how this is accomplished in a separate topic). And of course, it pertains mainly to all forms of electronic communication that happens beyond the face-to-face communication, including any information that is stored electronically.

Back to the medical environment

When a clinician speaks to another clinician about a patient or directly with the patient, utmost care has to be taken to protect the information reaching to the wrong person. Transitioning to the modern reality due to the increasing adoption of digital technology, there are more channels of ‘leaky’ communication. Additionally, the liberal intrusion of the social media into our daily lives has also made it into the medical environment, jeopardizing privacy of the healthcare constituents.

Why should you care? Two words, HIPAA compliance. And this is where the end-to-end encryption becomes important.

Read more

Summer is the Power Season for Nursing Faculty

Co-Author, Fundamentals of Nursing:Active Learning for Collaborative Practice, 2e and Conceptual Care Mapping: Case Studies for Improving Communication, Collaboration, and Care, Elsevier

Summer is the season for creative thinking as a faculty member. When the number of committee and faculty meetings is typically fewer, it’s time to integrate more evidence-based active learning and evaluation strategies into our future courses. With medical knowledge predicted to double every 73 days by 2020 (Densen, 2011), active learning strategies that support the development of strong clinical decision-makers and lifelong learners must become the norm in our classrooms and labs.

Totally Worth It

In the 21st century, implementing evidence-based teaching strategies in the classroom is as critical as utilizing evidence-based practice in the clinical area. Revising our teaching strategies to include more active engagement of students takes time while being essential for enhanced student outcomes and patient safety. However, the time we spend developing active learning opportunities for students pays big dividends for our students and the patients for whom they provide care. Utilizing a variety of active learning strategies throughout a term will keep students engaged and prepared for class, lab, and clinical.

Require Conceptual Care Mapping

Concept mapping in many forms has been shown for several decades by multiple researchers as a teaching/learning method that provides deep learning and supports increased clinical judgment skills. Conceptual care mapping is a specific, evidence-based active learning strategy to replace traditional care plans. Concept maps that replace traditional care plans (conceptual care maps), “provide a visual model for students to view the interactions and relationships between bio–psycho–social aspects of the patient, disease signs and symptoms, medical management, medications, and nursing process” (Cook, Dover & Dickson, et al., 2012, p. 92).

Conceptual care mapping helps students visualize the relationships among their patient’s data, then analyze and synthesize the data necessary to develop an evidence-based, patient-centered care plan. Conceptual care mapping is a valuable learning tool in the classroom, lab, and clinical area. Require a conceptual care map (CCM) as a daily worksheet in the clinical area, then require approximately three CCMs/semester to be submitted for clinical evaluation, instead of a traditional care plan.

Have students develop conceptual care maps in the classroom from original, online, or textbook case studies. If you teach upper division courses, have a student present a case study (based on an anonymous clinical patient) and have the rest of the students discuss plans of care while completing a CCM. Require students to present evidence for their interventions and analyze lab and diagnostic testing data using their handheld reference resources. The visual aspect of the CCM allows students to more readily recognize connections among patient data, contributing to enhanced clinical judgment skills.

Conceptual care maps are also excellent evaluation tools that demonstrate the depth and application ability of students far more than typical quizzes and exams. Assign students an original case study and require each one to complete a CCM for didactic evaluation. Grading rubrics are already available for your revision and use.

Be Creative

Remember to mix up how you use active learning strategies throughout the semester. Students will better understand the complexity and uniqueness of patient care as a result of your time and effort. Encourage creativity in how students think about patient problems. Be energized and have a great year ahead!

References

Cook, L., Dover, C. & Dickson, M., et al. (2012). From care plan to concept map: A paradigm shift. Teaching and Learning in Nursing, 7, 88-92

Densen P. (2011). Challenges and Opportunities Facing Medical Education. Trans Am Clin Climatol Assoc, 122, 48-58.

Authored by:

Barbara Yoost, MSN, RN, CNE, ANEF

Read more

The Importance of HIPAA-Secure Communication

We all know that the healthcare industry is plagued with allegations of patient data breaches from online hackers and in-house data imposters. Hackers constantly attempt to steal the Protected Health Information (PHI) of patients and sell it on the black market for fraudulent purposes. Patients’ PHI data is vulnerable because it is shared with various healthcare entities.

Read more

“Smart Doctors Consult Nurses”

Yes! This is the quote I first heard in a CCU room “with a view” of the beautiful Charles River on the 21st floor of one of prestigious medical facility in Boston. The words were coming from the patient in the room, but needed to be taken seriously because she is also a physician. There were three other occupants in the room – a motherly nurse who was in charge of the patient, a doctor friend who was visiting the patient and I, the husband of the patient.

We were well into the 35-day long ordeal that my wife had undergone, resulting from a ruptured appendix while traveling overseas. Right from the dash out of the plane, the expedited immigration and customs formalities, and the ambulance-aided rush to the hospital emergency room, we were thinking about the doctors who would be taking care of her. However, I will be remiss if we didn’t highlight the crucial role that the nurses played in her treatment and care.

R-E-S-P-E-C-T

On the National Nurses Appreciation Day – May 6, 2019

As I look back into the daily ups and downs of her condition in the recent past, I clearly remember the major role the nurses played in taking care of my wife during this time. It was very clear that nurses were exceptionally trained and educated. They also spent considerable amount time with the patients, monitoring the symptoms and condition on a 24×7 basis, right from the time of the admission to discharge. Collectively, they are with the patients to support them physically as well as emotionally.

Back to the main story. On that particular evening, my wife was reminiscing with her physician friend about the residency days and how she learnt a lot of valuable skills and empathy from the nurses during her residency. She was particularly amazed at the medical knowledge and treatment of patients exemplified by many of the nurses. Fast forwarding to her many years of being an experienced attending, she still feels the same respect for her nurses, many of them being the same ones she worked with her during her training. She finds that consulting with nurses prior to rounding on a patient helps her immensely. So it was no wonder that during the conversation, she relayed her sincere belief that the smart doctors consult nurses, getting a wholehearted support from the other two healthcare professionals in the CCU room.

Nurses undergo a rigorous training, whether starting with an online program like BSN to DNP and everything in between. It definitely requires strong work ethics, positive attitude and a deep passion to help others in order to practice this noble profession.

Acknowledging the Critical Role

Following are only a few of the important facets of responsibilities handled by nurses:

  • Treatments. Nurses administer and oversee the treatments planned by the doctors. They are the ones who monitor the conditions and take into account what is working and what is not.
  • Technology Curve. The advances in medical devices have been growing by leaps and bounds. Nurses need to develop the necessary skills and be trained to handle these.
  • Conduit between the Patients & Doctors. Patients connect with nurses first in a fast-paced medical facility. They need to manage the expectations as well as effective communication on both sides
  • Emotional Support. Nurses are well trained to provide emotional assistance, by offering the empathy and their caring touch, they help mitigate the patients’ difficulties as a part of their treatment.
  • Procedures. When patients have to undergo complex procedures, nurses can help to educate them and lend a hand at navigating many of the details that could be daunting
  • Recovery. Nurses have to be physically strong to help patients not only when in their beds, but also when they are recovering after a serious illness. Simple matters like starting to walk need help and support from the nurses.
  • Goodwill Ambassador. Nurses are the faces of the hospitals and healthcare entities in general. Patients have most interaction with them – and these interactions can make or break the patient satisfaction and experience at the organization.

Finally…

I won’t get into the nuances or the debates of whether these doctors are smart because they consult nurses or the doctors become smart by consulting nurses! Either way it is a great observation to acknowledge the importance of the nurses and their insights in making better decisions for the patients.

So, next time when you think of medical profession, don’t just see the image of doctors – nurses should be right next to them!

+ N U R S E S

:: Sandeep Shah, on the Nurses’ Appreciation Day

Read more