HIPAA & Client Confidentiality

To respect confidentiality means to keep private things private.  You will learn confidential (private) information about your clients.  You may learn about a client’s state of health, finances and personal relationships.  Ethically and legally, you must protect the confidentiality of this information. This means you should not tell anyone other than members of the healthcare team anything about your clients.

Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996.  It was further defined and revised in 2001 and 2002.  One of the reasons this law was passed is to help keep health information private and secure.  All healthcare organizations must take special steps to protect health information.  They and their employees can be fined and/or imprisoned if they do not follow special rules to protect privacy.  This applies to all healthcare providers, including doctors, nurses, home health aides and any members of the care team.

Under this law a person’s health information must be kept private.  It is called protected health information (PHI).  Examples of PHI include name, address, telephone number, social security number, e-mail address and medical record number.  Only people who must have information to provide care or to process records should know a person’s private health information.  They must make sure they protect the information so it does not become known or used by anyone else.  It must be kept confidential.

HHAs cannot give any information about a client to anyone who is not directly involved in the client’s care unless the client gives official consent or unless the law requires it.  For example, if a neighbor asks you how your client is doing, you should reply, “I’m sorry but I cannot share that information.  It’s confidential.”  That is the correct response to anyone who does not have a legal reason to know about the client.

Other ways HHAs can protect clients’ privacy include the following guidelines:

  • Do not leave information for a client on an answering machine. Leave only your name and number when asking clients or family members to call you back.
  • Make sure you are in a private area when you are listening to or reading your messages.
  • Know with whom you are speaking on the phone. If you are not sure, get a name and number to call back after you find out it’s okay to do so.
  • Do not make or accept telephone calls about clients in a public area.
  • When calling another client to let him know you are running late, be aware that Caller ID can identify the client from whose house you are calling. Use another phone not in the home.
  • When talking to a care team member on the phone, use regular phones, not cellular phones. Cell phones can be scanned.
  • Do not talk about clients in public places. Public areas include elevators, the grocery store, lounges, waiting rooms, parking garages, schools, restaurants, etc.
  • Use confidential rooms for reports to another care team member.
  • If you see a client’s family member or a former client in a public place, be careful in greeting him or her. He or she may not want others to know about the family member or that he or she has been a client.
  • Do not bring family or friends to the client’s home to meet the client. Do not leave family or friends in the car while you are visiting a client.
  • Make sure nobody can see private and protected health or personal information on your computer screen while you are working. Log off when you are not working on your computer.
  • Do not give confidential information in e-mails because you do not know who has access to your messages.
  • Make sure fax numbers are correct before faxing any healthcare information. Use a cover sheet with a confidentiality statement.
  • Do not leave papers or documents where others may see them.
  • Store, file or shred documents according to your agency’s policy.
  • If you find papers or documents with a client’s information, give them to your supervisor.

All healthcare workers must comply with HIPAA regulations, no matter where they are or what they are doing.  There are serious penalties for violating these regulations.  Penalties differ depending upon the violation and can include:

  • A fine of $100 per person per violation.
  • A fine of $50,000 and/or not more than one year’s imprisonment.
  • A fine of $100,000 and/or not more than five years’ imprisonment.
  • A fine of $250,000 and/or not more than ten years’ imprisonment.

Maintaining confidentiality is a legal and ethical obligation.  It is part of respecting your clients and their rights.  Your clients have to trust you.  Talking about them betrays this trust.  Discussing a client’s care or personal affairs with anyone other than your supervisor or another member of the healthcare team violates the law.