Ensure patients’ privacy before the disaster

Before a disaster strikes

Every disaster plan should include a strategy for coping with damaged records. It’s a crucial first step in the HIM department’s recovery.

If the facility contracts with a fire, flood, or storm damage restoration company, it’s a good idea to have a contract ready that would address various provisions for ensuring the privacy of the documentation.

According to a disaster planning practice brief written by Gwen Hughes, RHIA, a Belgrade, MT-based professional practice manager with the American Health Information Management Association (AHIMA) in Chicago, the damage restoration contract should stipulate that the restoration business will:

  • Specify the method of recovery.
  • Not use or further disclose the information other than as the contract permits or requires.
  • Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the contract.
  • Include the items required in business associate contracts in accordance with the Health Insurance Portability and Accountability Act privacy rule.
  • Report to the contracting organization any inappropriate use or disclosure of the information of which it becomes aware.
  • Ensure that any subcontractors or agents with access to the information agree to the same restrictions and conditions.
  • Indemnify the health care facility from loss due to unauthorized disclosure.
  • Upon termination of the contract, return or destroy all health information received from the contracting organization and retain no copies.
  • Specify the time that will elapse between acquisition and return of information and equipment.
  • Authorize the contracting entity to terminate the contract if the business partner violates any material term of the contract.