Building Trust, Confidentiality, and Communication

The Elements of a Nurse Practitioner/Patient Relationship

• Establishing a rapport
• Confidentiality
• Cultural Competence; respect and tending to spiritual needs
• Mutual trust
• Nonjudgmental approach
• Professional boundaries

Therapeutic Communication

• Listen more than talk, allow silences when appropriate
• Acknowledge/focus on feelings: afraid, blue/sad, ashamed, happy, mad
• Show empathy
• Don’t ask too many open-ended questions, never “why?” say “Tell me more about…”

Privacy & Confidentiality

The Health Insurance Portability and Accountability Act (HIPAA)

What Information is Protected: The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”¹² “Individually identifiable health information” is information, including demographic data, that relates to:

• the individual’s past, present, or future physical or mental health or condition,
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.¹³ Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.

De-Identified Health Information: There are no restrictions on the use or disclosure of de-identified health information. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information; either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual’s relatives, household members, and employers is required and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual.

Without a patient’s written consent, a provider generally cannot:

• Disclose information to one’s employer
• Use or share a patient’s information for marketing or advertising purposes
• Share private notes about a patient’s health care

The Privacy Rule (Patient’s Rights)

• See or receive a copy of their health records and therapy notes
• Request corrections to their health information
• Receive a notice that tells the patient how their information may be used or shared
• Decide if they want to give permission before their health information can be used/shared for certain purposes
• File a complaint with one’s provider, health insurer, and/or the U.S. government if their rights are being denied or health information is not being protected.

Situations of Health Information is Allowed to be Viewed/Shared

• To pay for healthcare services
• Ensure proper treatment of care
• With a patient’s guardian, family, or others identified as being involved with their health care
• To protect the public (reporting disease outbreaks)
• Make required reports to the police (reporting gunshot victims)

Examples of Those Not Required to Follow HIPAA: employers, life insurers, certain school districts, child protective services, law enforcement agencies, municipal officers…etc. others