Ensure patients’ privacy before disaster arrives

An expert offers up some advice for recovery

Every disaster plan should include a strategy for coping with damaged records. It’s a crucial first step in the department’s recovery.

If the facility contracts with a fire, flood, or storm damage restoration company, it’s a good idea to have a contract ready that would address various provisions for ensuring the privacy of the documentation.

According to a disaster planning practice brief written by Gwen Hughes, RHIA, a Belgrade, MT-based professional practice manager with the American Health Information Management Association in Chicago, here are items that should be included in a damage restoration contract, providing the restoration business will:

  • specify the method of recovery;
  • not use or further disclose the information other than as permitted or required by the contract;
  • use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the contract;
  • include the items required in business associate contracts per the Health Insurance Portability and Accountability Act privacy rule;
  • report to the contracting organization any inappropriate use or disclosure of the information of which it becomes aware;
  • ensure that any subcontractors or agents with access to the information agree to the same restrictions and conditions;
  • indemnify the health care facility from loss due to unauthorized disclosure;
  • upon termination of the contract, return or destroy all health information received from the contracting organization and retain no copies;
  • specify the time that will elapse between acquisition and return of information and equipment;
  • authorize the contracting entity to terminate the contract if the business partner violates any material term of the contract.