HIPAA Compliance for Visiting Nurses

HIPAA compliance for visiting nurses is the same as for any other medical professional, even though their working environments can be much different.

This is because a visiting nurse is an employee of medical facility, hospice or other independent visiting nurse service, and is regarded to be a member of a Covered Entity´s workforce. As such, a visiting nurse is not a Business Associate – even though he or she provides a service for the Covered Entity – and is subject to the policies and procedures enforced by the Covered Entity.

However, there are unique challenges with regards to HIPAA compliance for visiting nurses working in the community. These challenges primarily concern the disclosure of Protected Health Information (PHI) to people they meet in their working environments and how their patients´ PHI is created, used, stored and shared with other members of the Covered Entity´s workforce.

Families and HIPAA Compliance for Visiting Nurses

Similar to nurses working in medical centers, visiting nurses have to use their discretion before disclosing the PHI of their patients to third parties without the written authorization of the patients or the persons appointed with durable power of attorney for healthcare (DPAH). Third parties can include family members, family friends and members of the clergy – all of whom will likely have a genuine concern for the wellbeing of the patient.

In a home environment, it can be much harder to avoid discussing a patient´s unrelated past medical problems with family members, particularly – as is sometimes the case – when the patient has expressly stated they do not want specific people made aware of their condition. This may mean patient notes, the results of tests, and telephone conversations with colleagues and consultants have to remain private to ensure HIPAA compliance for visiting nurses.

Communications and HIPAA Compliance for Visiting Nurses

As per the HIPAA Privacy Rule, the content of any conversations with permitted third parties and other members of the Covered Entity´s workforce should comply with the “Minimum Necessary Rule”. This Rule stipulates visiting nurses must make reasonable efforts to limit the PHI they disclose to the minimum necessary to accomplish the intended purpose of the disclosure.

This Rule not only applies to verbal conversations, but those conducted electronically by text, email or Instant Messenger. Indeed, before conversations are conducted by text, email or Instant Messenger, safeguards have to be put in place to prevent unsecured PHI being transmitted over publicly-accessible networks. This requirement is covered by the Technological Safeguards of the Security Rule, and is a key element of HIPAA compliance for visiting nurses.

Solutions to Aid HIPAA Compliance for Visiting Nurses

There are various tools that can contribute towards a better understanding of a visiting nurse´s compliance obligations and help visiting nurses remain HIPAA-compliant in the execution of their duties. Covered Entities can take advantage of special training courses that address the unique challenges of HIPAA compliance for visiting nurses – not only to assist nurses´ understanding of their compliance obligations, but also the Covered Entity´s privacy Officer and the nurses´ managers.

With regard to communicating PHI electronically, various HIPPA-compliant solutions exists such as secure text messaging for healthcare; which not only secure communications, but also protect the integrity of PHI while it is stored on a mobile device or laptop. These solutions should be investigated by all Covered Entities with a workforce that visits patients in the community to ensure HIPAA compliance for visiting nurses.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.