Patient Rights for CNAs

The Nursing Home Reform Act, passed by Congress in 1987 as part of the Omnibus Budget Reconciliation Act (OBRA '87), created the first federal Resident Bill of Rights for long-term care. Any facility that accepts Medicare or Medicaid payments must follow it, which covers nearly every nursing home in the United States. The law was a response to widespread neglect and abuse documented in the 1980s, and it shifted the legal standard so that facilities must help each resident reach their "highest practicable physical, mental, and psychosocial well-being."

OBRA '87 guarantees a specific set of rights that every CNA must memorize for the state competency exam. These include the right to dignity and respect, privacy and confidentiality, freedom from abuse and unnecessary restraints, participation in care planning, the ability to voice grievances without retaliation, management of one's own finances, freedom of choice in physicians and visitors, the right to refuse treatment, and the right to execute advance directives. Hospitals are governed by a similar Patient Bill of Rights developed by the American Hospital Association and individual state laws.

Residents must receive a written copy of these rights upon admission, in language they understand, and the rights must be posted visibly in the facility. The state long-term care ombudsman program, also created by OBRA, gives residents an outside advocate they can call if their rights are violated. As a CNA you are expected to know who the ombudsman is and to never block or discourage a resident from contacting them, family members, or government inspectors.

Dignity is the right to be treated as a whole person, not as a task or a diagnosis. For a CNA this shows up in dozens of small behaviors every shift: knocking before entering a room, addressing residents by their preferred name and title (never "sweetie," "honey," or "grandma"), speaking to them rather than over them, and never discussing them with coworkers as if they were not present. Older adults from earlier generations especially expect to be addressed as Mr. or Mrs. unless they invite a first-name basis, and using the correct name is a tested NNAAP behavior.

Privacy during personal care is a non-negotiable, exam-critical skill. Before any procedure such as bathing, perineal care, dressing, or toileting, you must close the room door, pull the privacy curtain completely around the bed, and close any window blinds. The resident's body should be covered with a bath blanket or towel and only the part you are actively working on should be exposed. Expose, wash, rinse, and dry one body area at a time, then re-cover before moving on.

Privacy also extends to mail, phone calls, visitors, and personal relationships. Residents have the right to send and receive unopened mail, to speak on the phone in private, to see visitors of their choosing, and to have private time with a spouse or partner. They may keep and use personal possessions including clothing, photos, and small furniture as space allows. A CNA should never read a resident's mail, listen in on a phone call, or remove personal items without the resident's permission.

Maintaining dignity also means protecting residents from embarrassment. Do not laugh at, scold, or argue with a resident. Knock and announce yourself even if the door is open. Make sure residents are fully dressed and groomed before they leave their room. If a resident is incontinent, clean them promptly and quietly without commentary. These behaviors are not just kindness - they are required by federal law and graded directly on the skills portion of the state CNA exam.

The Health Insurance Portability and Accountability Act, known as HIPAA, was passed by Congress in 1996. Its Privacy Rule sets a federal standard for protecting Protected Health Information (PHI) - any information that can be linked to an identifiable patient, including name, room number, diagnosis, treatment, lab results, photos, and even the fact that the person is a resident at the facility. The Security Rule covers electronic records, and the Breach Notification Rule requires facilities to report when PHI is exposed.

As a CNA you handle PHI constantly: you see care plans, hear shift report, document vital signs, and watch residents during personal care. HIPAA permits you to share this information only with other members of the care team who need it to do their jobs, and only the minimum necessary amount. You may not discuss a resident in the cafeteria, the parking lot, the elevator, or at home with family. You may not look up records of residents you are not assigned to, even out of curiosity, and you may not post anything about your work on social media, even without using names.

Family members, friends, and even other residents do not automatically have a right to PHI. If a daughter calls asking how her mother is doing, you should refer her to the nurse and confirm she is on the approved contact list before disclosing anything. The same rule applies to clergy, neighbors, and law enforcement unless a court order or specific HIPAA exception applies. Violations carry serious civil and criminal penalties for both the facility and the individual employee, including fines and loss of certification.

Common, real-world HIPAA mistakes by CNAs include leaving a computer screen unlocked, leaving a chart open on the counter, taking a photo of a resident with a personal phone, gossiping with friends about a memorable patient, and confirming over the phone that someone is a resident. Treat every piece of patient information as if it belonged to your own family member and you will rarely go wrong.

Every resident has a federally protected right to be free from physical, emotional, sexual, and financial abuse, as well as from neglect and exploitation. Physical abuse includes hitting, slapping, pinching, rough handling, and force-feeding. Emotional or psychological abuse includes yelling, threats, insults, humiliation, isolation, and the silent treatment. Sexual abuse is any non-consensual sexual contact, and importantly, a resident with significant dementia cannot legally give consent. Financial abuse includes stealing money or belongings, forging signatures, or coercing a resident into changing a will.

Neglect is the failure to provide care that a reasonable caregiver would provide, and it can be just as harmful as active abuse. Signs include pressure ulcers (bedsores), dehydration, malnutrition, untreated pain, poor hygiene, soiled linens, and unexplained weight loss. Self-neglect occurs when a resident with capacity refuses care, which is their right, but staff must still document and offer assistance. CNAs are legally classified as mandatory reporters in every state - you are required by law to report suspected abuse or neglect to your charge nurse, the facility administrator, and often directly to Adult Protective Services or the state survey agency.

Restraints are anything that restricts a resident's freedom of movement or access to their own body and cannot be easily removed by the resident. Physical restraints include vest restraints, wrist or ankle ties, lap trays that the resident cannot release, and side rails that prevent them from getting up. Chemical restraints are medications used to sedate a resident for staff convenience rather than to treat a diagnosed medical condition. Environmental restraints include locked rooms or geri-chairs that hold the person in place.

Federal law under OBRA '87 and 42 CFR 483 requires the least restrictive approach: restraints may be used only to treat a documented medical symptom, only with a physician's order, only after less restrictive alternatives have failed, only for the shortest time possible, and never for discipline or staff convenience. CNAs caring for a resident in restraints must check on them at least every 15 to 30 minutes, release the restraint at least every two hours for repositioning, toileting, fluids, and range of motion, and document everything. Restraint alternatives - such as a low bed, bed alarm, frequent rounding, scheduled toileting, and activity programs - are always preferred.

An advance directive is a legal document in which a competent adult states their wishes for medical care in case they later become unable to speak for themselves. The federal Patient Self-Determination Act of 1990 requires every facility that accepts Medicare or Medicaid to ask each resident on admission whether they have an advance directive, to provide written information about their right to create one, and to honor it. Residents are never required to have one, but if they do, their wishes carry the legal weight of an in-person decision.

The three documents a CNA must recognize are the living will, the durable power of attorney for healthcare (also called a healthcare proxy or healthcare agent), and the Do Not Resuscitate order. A living will lists which life-sustaining treatments a person does or does not want, such as CPR, mechanical ventilation, tube feeding, and dialysis. A healthcare power of attorney names a specific person who is authorized to make medical decisions on the resident's behalf if they lose capacity. A DNR is a physician's order that staff must not perform CPR if the heart or breathing stops; some states also use POLST or MOLST forms with broader scope.

A CNA does not interpret, sign, witness, or change advance directives - those are nurse, social worker, and physician responsibilities. Your job is to know which residents have one, to follow it, and to make sure care reflects it. If a resident with a DNR stops breathing, you call for help and provide comfort but do not begin CPR. If a resident says they want to change their wishes, report it to the nurse immediately so the document can be updated through the proper legal process. Never assume that an old or seriously ill resident has a DNR - always check the chart or care plan.

Self-determination is the right of every resident to make decisions about their own daily life. Under OBRA '87, residents have the right to participate in their own care planning, attend care conferences, and be told in advance of any change in care, room, or roommate. They may choose their own physician, refuse any treatment or medication, choose when to wake up and go to bed, and decide what to wear. A CNA who insists "it's bath day" or "you have to eat your breakfast now" is violating this right, even if the intentions are good.

Choice extends to food, religion, activities, and relationships. Residents may follow religious or cultural dietary restrictions, request alternative meals, decline group activities, and worship as they wish - including refusing to participate in facility religious services. They may form resident councils, vote in elections, send and receive mail, and use the telephone privately. They may also choose visitors, decline visitors, and have intimate relationships with consenting partners. Married couples have the right to share a room when both want to and when it is medically appropriate.

The right to refuse care is one of the most commonly tested topics on the NNAAP exam. A resident with decision-making capacity may refuse any treatment, including medication, bathing, blood draws, and even food. As a CNA, your job is to ask why, offer alternatives ("Would you prefer a bed bath later this afternoon?"), document the refusal, and report it to the nurse. You may never force, threaten, or trick a resident into accepting care, even when you believe it is in their best interest. The only exceptions are emergencies in which the resident cannot communicate and the legal decision-maker is unavailable.