The trusted source for
healthcare information and
HIPAA Regulatory Alert: 5 ways to comply with HIPAA oral privacy regs
Consider simple design changes
When an orthopedic resident was paged repeatedly to assess a patient with an open fracture of the forearm, he failed to respond. The resident was paged multiple times and took more than an hour to get to the emergency department (ED). When he finally arrived, instead of apologizing for his delay, he began to loudly explain to the patient and his family that he was unaware of the urgency of the situation, recalls Peter Alan Bell, DO, FACOEP, FACEP, professor of emergency medicine at Ohio University College of Osteopathic Medicine in Columbus. "In a loud and clear voice, he criticized the staff’s treatment and questioned their competency," Bell says.
Furthermore, the resident loudly discussed the extent of the injury, treatment, and potential complications, he adds. "His residency program director and I discussed this," he says. "Needless to say, his behavior was not condoned, and he received counseling." This is a potential violation of the Health Insurance Portability and Accountability Act’s (HIPAA) oral privacy requirements. (To obtain the regulations, see "Resources" section at end of article.) Penalties are severe, with civil penalties of up to $25,000 for each requirement violated, and criminal penalties of up to $50,000 and one year in prison for obtaining or disclosing protected health information.1,2
Consider another example of a potential HIPAA violation: When a thoracic-vascular surgeon suspected an aortic aneurism in an 89-year-old man, he discussed the plan of care, the risks, and the probability of success in full earshot of other patients. "He was loud enough for patients at a half dozen beds to hear, plus the staff at the adjacent nursing station," Bell says. When asked why he was speaking so loudly, he replied that this was a risky operation and he wanted witnesses. "I suggested he lower his voice," he says. The patient and his three children all had good hearing, he says. "The nurse would serve as his witness on the surgical consent form, and he could list the risks on the form for the patient to sign," Bell says. "If he was really concerned, he should ask the children to sign as well."
Don’t ignore oral privacy
You may wrongly believe that it’s impossible to give patients oral privacy in the hectic ED environment, says David Sykes, PhD, vice president and lead consultant for HIPAA compliance for Acentech, a Cambridge, MA-based consulting firm specializing in noise control. "ED managers often assume that it’s too expensive a problem to solve, and therefore, they ignore it," Sykes says. That’s a mistake, he says. "It’s in the patient’s best interest and your best interest to fix this," Sykes says.
Here are effective ways to comply with HIPAA requirements for oral privacy:
1. Encourage staff to be discreet.
Bell says, "I believe that we all could do a better job lowering our voices or stepping away from the bedside or main flow of people to discuss cases."
2. Consider simple design changes.
Remodeling the ED is not a HIPAA requirement, Bell stresses. "However, it certainly seems prudent that we take into consideration simple changes that would enhance confidentiality," he says. Bell gives these examples to improve oral privacy:
3. Limit access of visitors.
Visitors pose the greatest risk of breach of confidentiality, but limiting access is not that difficult, Bell says. "Locked EDs are now the standard," he adds. "Defining how many visitors are allowed per patient and use of a visitors badge system can control flow." Security personnel can help by ensuring that a visitor’s badge matches the patient he or she is visiting, and if not, asking visitors to leave, Bell points out.
4. Ask staff to put themselves in the patient’s shoes.
It helps to remind staff to consider the issue of privacy from the ED patient’s perspective, he says. "Patients put on a gown, lay down on a gurney, and subject themselves to a full work-up/evaluation," he says. "Add inadequate pain control, and the picture is almost complete." Consider the embarrassment of having the details of whatever brought you to the ED broadcast to others, he says. "It’s not a pleasant feeling," Bell says.
5. Use sound-blocking tools to mask noise.
The following are effective and inexpensive solutions to block conversation in the ED waiting room, treatment areas, and hallways, says Sykes. (To obtain information about these tools and products, he recommends accessing www.google.com and doing a search using key words "HIPAA sound masking.")
For more information about compliance with oral privacy regulations, contact:
1. 45 CFR §160.306 and §160.312 (2000) for Civil Enforcement.
2. 42 USC 1320d-6 (HIPAA Sec. 1177) for Criminal Enforcement.