Critical Path Network

Patient privacy at risk in hallways and cafeterias

Researchers record regular breaches

Health care providers routinely discuss confidential patient information in hospital hallways, cafeterias, and lobbies, two researchers have concluded.

"The country has recently invested a tremendous amount of resources in the nation’s largest set of federal privacy laws to prevent health care providers and institutions from divulging or selling patient information. But we found that the daily conversations of physicians, nurses, hospital staff, and technicians can jeopardize the same kind of personal information," says Marifran Mattson, PhD, associate professor of communications at Purdue.

Hospital staff need to be more aware and more careful about discussing protected patient information out in the open, Mattson asserts.

"Confidentiality breaches are occurring daily. While health care providers may not be malicious in their disclosures, they are still sharing patients’ most personal information with unauthorized individuals, which has the potential to create problems," she adds.

Disclosure of patient information can lead to identity theft, discrimination, or social stigma if a medical condition or patient identification information, such as a Social Security number, is disclosed inadvertently, she adds.

As a result, a patient or family member could report the incident, resulting in a fine for the hospital under the Health Insurance Portability and Accountability Act legislation, she adds.

Mattson and her colleague Maria Brann, PhD, assistant professor of communication studies at West Virginia University, spent more than three months observing hospital staff in a 120-bed acute-care hospital in a small Midwestern town. The observations took place three days a week between the hours of 6:30 a.m. and 11:30 p.m.

"We primarily sat in open public spaces such as waiting rooms, hallways, and lunchrooms and observed what was happening with an eye toward looking for breaches in confidentiality," Mattson says.

The researchers didn’t try to eavesdrop on conversations, she adds. "We just sat in place and could hear all these things going on."

In addition, the researchers interviewed 51 patients who were approached in open areas and asked about their experience with privacy in the hospital setting.

"Patients told us they want the hospital staff to be more aware that they’re dealing with lives and to consider the ramifications of the information they divulge," she says.

It appeared that most of the breaches in confidentiality were unconscious. Hospital staff just forgot and discussed patient information out in the open, Mattson says.

The most frequent confidentiality breaches involved informal conversations between health care providers, she says. "We overheard health care providers talking to one another in the lunchroom about a fellow employee’s health situation or discussing a patient’s case right out in the open," she says.

The researchers also observed external confidentiality breaches — staff sharing confidential information with family or friends.

In many cases, hospital staff make telephone calls about patients while they are sitting at a desk in the waiting room or lobby, where they can be overheard by anyone within earshot.

"We observed people sitting at a desk and using the speaker phone to call the insurance company. They’d say the name and Social Security number, then take it off speaker phone. These conversations should be conducted in private offices," she says.

One patient in a hospital waiting room told the researchers: "I know that person. She’s my neighbor. I had no idea she had that problem."

Hospital staff should conduct telephone calls in more private locations, rather than sitting at the desk in the waiting room, Mattson asserts.

"Hospitals need to change the arrangements of offices. In most places, you stand in a general line and wait and walk up to a booth. This creates situations where your personal information is overheard by everyone in the waiting room," she says.

The researchers recommend hospitals streamline processes so fewer people have to handle confidential patient information. Mattson cited another study that found 17 people on average have access to a patient’s health information at a given time.1

"The hospital staff should look at whether that many people need to have access to the information and to change their procedures to limit access to the information to a few people," she adds.

Mattson recommends department managers have their entire staff sign a confidentiality agreement in the hope that it will serve as a reminder to pay attention to inadvertent disclosures. Other recommendations include:

  • Offer more thorough training to refresh the staff’s memories about the need to think before speaking about a patient in an open area.
  • Make staff aware when people can overhear their telephone conversations and ask them to make calls that involve patient information in a back room.
  • Ask your staff: "Would you want this type of information revealed about you?" If people think about it in that way, they’re more likely to be careful what they divulge, she adds.

1. Lazoritz M. Guarding patient confidentiality in a managed care setting, Behavioral Health Management September/ October 1994; 46.