• The Health Insurance Portability and Accountability Act (HIPAA) protects your private health care information. This law limits access to individually identifiable information such as diagnosis, treatments, or prescriptions. A home health nurse must use caution when dealing with a patient's private health care information to avoid violating HIPAA regulations. There are three main components of HIPAA that all health care professionals need to be in compliance with.
  
  

HIPAA Privacy Rule

• This part of HIPAA regulates how and when individually identifiable health information may be shared. A home health nurse must be in compliance with privacy rules and in most cases, must not disclose identifiable health information unless the patient gives consent. There are some exceptions to this rule, such as in the event of abuse or neglect, if the patient has a disease that affects the safety of the public, or for law enforcement purposes. The home health agency provides training or handbooks so that nurses are aware of all exceptions and can be in full compliance with HIPAA laws.
  
  

HIPAA Transaction and Code Set Rule

• This part of the HIPAA law streamlines medical coding such as diagnosis and procedure codes. A nurse must comply with this aspect of the law when providing information to a third party such as a private insurance company or Medicare, so that their agency may receive payment. The patient's insurance company requires the appropriate billing codes to issue payment either to the nursing agency or directly to the patient. A home health nurse may need to obtain prior authorization from an insurance company before performing medical procedures or treatments, to ensure payment.
  
  

HIPAA Security Rule

• This part of HIPAA sets certain security standards for protecting electronic medical records (EMR). This portion of the law addresses aspects of EMR security such as proper encryption and protection of electronic equipment containing protected health information. While a home health nurse is not directly responsible for the encryption of private health information, she does need to make sure she complies with any of her agency's security measures. This may include keeping electronic files password protected and locking or minimizing screens containing sensitive material.