Patient-supplied Respiratory Equipment in the Hospital

By Michael L. Smith, JD, RRT

Hospitals and respiratory therapists regularly receive requests from patients asking to use their own respiratory therapy equipment in the hospital. Chronic pulmonary patients are generally reluctant to change their treatment regimen and may request they be permitted to continue using their home ventilators or positive airway pressure units in the hospital. Generally, hospitals should not allow patients to use their own medical equipment.

Patient-supplied medical equipment poses numerous risks for hospitals and their RTs. Patient supplied equipment may be a different model than what the hospital’s RTs and other staff routinely use, which can contribute to errors in the equipment and alarm settings. The hospital may not have compatible parts to ensure that the patient-supplied equipment remains functional during the patient’s hospital stay.

Another risk for the hospital and its staff exists because the patient may not have properly maintained the medical equipment. The hospital and its staff cannot easily determine whether the patient-supplied medical equipment has been regularly serviced, including any necessary modifications based upon recalls. While a particular piece of equipment may appear well maintained on the surface, it could have numerous deficiencies that are almost impossible to detect by the hospital and its staff.

The hospital and its staff may be assuming significant legal liability by allowing patients to use their own medical equipment. Patient-supplied medical equipment that malfunctions could conceivably cause injury to multiple patients and hospital staff. Consequently, hospitals should avoid allowing patients to use their own medical equipment in the hospital.

Despite the risks, most hospitals still allow the use of at least some patient-supplied medical equipment under certain circumstances.

Whenever the hospital elects to allow patient-supplied medical equipment, it should involve the hospital’s counsel, risk manager, and all the necessary hospital departments in the process.

Most hospitals that allow patient-supplied medical equipment have some type of policy on the use of that equipment. Those policies should require written approval from the patient’s physician stating that the patient-supplied equipment is suitable based upon the patient’s current medical condition. Every policy also should require notice to all the clinical and non-clinical departments necessary to ensure the equipment is in good working order and safe to operate. Every piece of electrical equipment must be thoroughly checked for electrical safety, usually by the hospital’s biomedical department.

Whenever the hospital agrees to allow patient-supplied medical equipment, the hospital should have the patient sign a waiver that explicitly states that the hospital is not assuming any liability for the equipment. The waiver also should permit the hospital to use substitute equipment in the event the patient-supplied equipment fails or the patient’s condition changes. Unfortunately, the hospital probably cannot completely absolve itself of any liability for patient-supplied medical equipment, even when the patient signs a waiver.

In the event the patient-supplied equipment fails, the hospital staff will need to intervene and provide appropriate care to the patient, even if the patient assumed all responsibility for the equipment. The hospital staff also will need to regularly check to confirm that the equipment is functioning properly and that the medical equipment remains appropriate for the patient’s condition. Of course, the hospital staff must document their regular assessment of the patient-supplied medical equipment.

Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Florida. This article is for general information only and is not a substitute for formal legal advice.

This article was originally published in Advance for Respiratory Care and Sleep Medicine.

Avoiding HIPAA Violations

By Michael L. Smith, JD, RRT

Every respiratory therapist knows that the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals and health care providers to maintain the confidentiality of their patients’ protected health information (PHI). RTs may not know that the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is investigating HIPAA violations and imposing sanctions on hospitals and other covered entities for violations. RTs also may not know that the Department of Justice is criminally prosecuting particularly egregious HIPAA violations.

HIPAA violations still occur despite the fact that we have years of training and experience in protecting patient privacy. Hospitals and health care systems take HIPAA violations seriously and frequently terminate employees for those violations. RTs can avoid violating HIPAA, and the consequences associated with a violation, by avoiding the following mistakes.

Never use a patient’s PHI for personal gain. Unfortunately, this example is not too obvious to include here. A nurse inArkansas pled guilty to criminal charges of deliberately misusing a patient’s PHI for personal gain. The nurse provided PHI on a patient to her husband so that her husband could use the information in a lawsuit involving the patient. The nurse pleaded guilty to wrongful disclosure of the patient’s health information. Another hospital employee inCalifornia pleaded guilty to selling celebrity medical information to at least one media outlet. Numerous celebrity medical records were involved, but the prosecuting attorney did not release the names of the celebrities.

Never snoop in a patient’s medical records. A hospital inHouston fired 16 employees for snooping into the medical records of an acquaintance out of curiosity. A hospital inArkansas suspended a doctor and fired two employees who snooped into the records of a local newscaster to satisfy their own curiosity. RTs should know that hospitals track the computer activity of their employees and their medical staff. Those same hospitals fire employees who inappropriately access patient records.

Never share PHI with people who have no legitimate reason to know the information. The OCR investigated a hospital and an employee in its surgical department based upon that employee providing a surgery schedule to a hospital supervisor. The surgery schedule included the name and PHI of one of the supervisor’s employees who was scheduled for surgery. The supervisor had no legitimate reason to know about his employee’s PHI.

Never share your computer passwords and log on information. Most hospitals have a policy requiring their employees to keep their computer passwords and log on information confidential. Those same hospitals are monitoring their employees’ computer activity using those same passwords and log on information. RTs who share their passwords and log on information with other people will eventually be required to explain instances of inappropriate access to PHI and the violation of their hospitals’ policies.

Never leave a computer unattended without logging off of the computer. Many hospitals have written policies requiring employees to log off their computers before leaving those computers unattended. RTs should not leave a computer unattended without logging off even if their hospital does not have a written policy.

Never communicate PHI to a patient by a method that the patient has not approved. RTs should confirm where their patients have authorized them to leave PHI. The OCR has investigated complaints against health care providers who left telephone messages including PHI at a patient’s home telephone number when the patient gave specific instructions to only be contacted through a cellular number.

Never discuss a patient’s PHI in such a manner that other individuals with no right or need to know the information can overhear the information. A hospital disciplined two of its employees for discussing a patient’s PHI with the patient in the waiting room, which allowed other patients and visitors to overhear the discussion. The patient’s complaint was investigated by the OCR, which found the hospital employees did not take reasonable efforts to avoid the disclosure of PHI. RTs are often treating patients in emergency rooms and other areas that do not provide the best privacy. Only discuss what you absolutely must discuss with the patient in order to provide care. If possible, those patients should be moved to a more private area before discussing PHI.

Never leave a patient’s paper records open and available for prying eyes. Paper records containing PHI are still common and will continue to exist for the foreseeable future. RTs need to remember that HIPAA requires hospitals and health care providers to have reasonable safeguards in place to protect patient records including paper records. RTs should follow their employer’s policies and procedures on paper records including the policies on the destruction of paper records.

RTs can avoid violating HIPAA by only accessing the records they need to provide appropriate care to their patients and by using reasonable safeguards to protect those patient records.

Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Florida. This article is for general information only and is not a substitute for formal legal advice.

This article was originally published in Advance for Respiratory Care and Sleep Medicine.