Ensure patients’ privacy before disaster arrives
An expert offers up some advice for recovery
Every disaster plan should include a strategy for coping with damaged records. It’s a crucial first step in the department’s recovery.
If the facility contracts with a fire, flood, or storm damage restoration company, it’s a good idea to have a contract ready that would address various provisions for ensuring the privacy of the documentation.
According to a disaster planning practice brief written by Gwen Hughes, RHIA, a Belgrade, MT-based professional practice manager with the American Health Information Management Association in Chicago, here are items that should be included in a damage restoration contract, providing the restoration business will:
- specify the method of recovery;
- not use or further disclose the information other than as permitted or required by the contract;
- use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the contract;
- include the items required in business associate contracts per the Health Insurance Portability and Accountability Act privacy rule;
- report to the contracting organization any inappropriate use or disclosure of the information of which it becomes aware;
- ensure that any subcontractors or agents with access to the information agree to the same restrictions and conditions;
- indemnify the health care facility from loss due to unauthorized disclosure;
- upon termination of the contract, return or destroy all health information received from the contracting organization and retain no copies;
- specify the time that will elapse between acquisition and return of information and equipment;
- authorize the contracting entity to terminate the contract if the business partner violates any material term of the contract.