HIPAA privacy regulation sparks varied solutions

Think reasonable, good faith’

Hospitals are running the gamut of possible solutions as they struggle to interpret the provisions of the the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, says Tony Mogavero, director of physician services for St. Petersburg, FL-based John Putnam International, a company that provides web-based and teacher-led education for access personnel.

His advice is to keep in mind the terminology the Federal Register uses — "reasonable safeguard and good-faith effort" — in regard to protecting patient privacy, says Mogavero, who conducts workshops for hospitals and physician groups on the implications of HIPAA.

A hospital in Plant City, FL, is calling by number, rather than name, patients who are waiting for lab work, concerned about the possible privacy violations associated with sign-in sheets, he notes. A physician practice he has worked with uses a vibrating pager, much like those employed by restaurants, to alert patients that it’s their time to be seen, Mogavero says.

Other providers have eliminated the sign-in sheet altogether, or destroy it right away, compromising their ability to document patient visits for Medicaid, he adds. On the other end of the spectrum, he says, are those who display a sign-in sheet with not only patient names, but dates of birth and Social Security numbers. In one extreme interpretation of the privacy law, he says, a hospital’s employees were taking an allergy sticker off a patient’s chart. Proper privacy measures can vary, Mogavero suggests, depending on whether the health care provider is, for example, a primary care clinic with a large number of HIV-positive patients or an ophthalmologist practice. In the latter case, he questions whether substituting pull-off numbered labels for the sign-up sheet routine actually is necessary.