Oral Communications and HIPAA Privacy

Published on June 2016 | Categories: Documents | Downloads: 28 | Comments: 0 | Views: 189
of 28
Download PDF   Embed   Report



Oral Communication: Myths & Facts
Susan A. Miller, JD
WEDI-SNIP Security & Privacy Co-chair The Kearney Group

The clock is ticking...
• Privacy Modification Final Rule -- 8-14-02 • Still retains “minimum necessary” & “oral communications” requirements • Compliance deadline is still April „03 • “incidental communication” such as overhearing a fragment of conversation is permissible--only if “reasonable safeguards” are in place • So what is a“reasonable safeguard”?

The clock is ticking...
• Privacy Guidance from OCR -- 12-3-02 • Incidental Uses and Disclosures includes oral communications • Two Level Review:
– 1) reasonable safeguards – 2) minimum necessary

• Compliance deadline is still April „03 • So what is a“reasonable safeguard”?

GUIDANCE states ...
• “Oral communications often must occur freely and quickly in treatment settings. Thus, covered entities are free to engage in communications as required for quick, effective, and high quality care.”

“Reasonable safeguards” are not ...
• Structural changes • Encryption of wireless or other emergency medical radio communication • Encryption of telephone systems • Soundproofing of rooms

OCR Guidance
• “Covered entities also may take into consideration the steps that other prudent health care and health information professionals are taking to protect patient privacy.”
– Best Practices, local, regional, national

OCR Guidance
• “In areas where multiple patient-staff

communications routinely occur, use cubicles, dividers, shields, curtains, or similar barriers as may constitute a reasonable safeguard.”
– Practical Advice

OCR Guidance
• “CEs must evaluate what measures make sense in their environment and tailor their practices and safeguards to their particular circumstances.”
– Practical Advice

“Reasonable safeguards” are...
• “Standards-based” solutions • “Best practices”-based solutions • Solutions that can be measured & monitored • Solutions that are neither onerous, burdensome, disruptive or expensive to fix

Who‟s policing this?
• The regulation permits you to file a complaint against a CE with the Office of Civil Rights at DHHS • In reality, States Courts are already using the HIPAA privacy regulation as the “standard of care” to make judgments • See 60 examples at www.healthprivacy.org

E.g.,„99: Washington, DC
A Washington, DC jury ordered a local hospital to pay $25, 000 for failing to keep a patient’s medical records confidential. Coworkers learned of the victim’s HIV status after an employee at the Washington Hospital Center revealed information in his medical record. - P. Slevin, “Man Wins Suit Over Disclosure of HIV Status,” The Washington Post, 12-3099, p B4

E.g.,„98: California
In 1998, Longs Drugs in California settled a lawsuit filed by an HIV positive man. After a pharmacist inappropriately disclosed the man’s condition to his ex-wife, the woman was able to use that information in a custody suit. However, rather than pursue the suit, the man chose to settle to avoid a court trial that could result in news coverage–of his illness. “Longs Drugs Settles HIV Suit,” San Diego Union-Tribune, 9-10-98, p. A3

E.g.,„02: Wisconsin
A jury in Waukesha, WI found that an emergency medical technician (EMT) invaded the privacy of an overdose patient when she told the patient’s coworker about the overdose. The co-worker then told the nurses at West Allis Memorial Hospital, where both she and the patient were nurses. The EMT claimed she called the patient’s co-worker out of concern for the patient. The jury, found that regardless of her intentions the EMT had no right to disclose confidential & sensitive medical information, and directed the EMT and her employer to pay $3000 for the invasion of privacy. L. Sink, “Jurors Decide Patient Privacy Was Invaded,” Milwaukee Journal Sentinel, 5-9-02

“Reasonable safeguards” are...
• “Standards-based” solutions • “Best practices”-based solutions • Solutions that can be measured & monitored • Solutions that are neither onerous, burdensome, disruptive or expensive to fix

Six Myths & Three Facts about Oral Privacy
• “Oral privacy is subjective” (no it’s not) • “Oral communication can‟t be measured or monitored” (yes it can) • “There are no standards or best practices for oral communication” (yes there are) • “Oral privacy issues will be expensive to fix” (no they aren’t) • “Best solution is to retrain staff to be discrete” (good luck!) • “We don‟t need to do anything thanks to loopholes in the Rule” (doing nothing is not a “reasonable safeguard”)

Fact #1: standards are objective, well known & widely practiced
• • • • • • ISO 60268-16 ISO 9921-1 ANSI S3.2 ANSI S3.5 (first published in 1969!) ASTM 1130-90 ASTM 1110-01

What the standards do
• • • • • • • Define the measurement framework (“AI”) Quantitatively define three levels of privacy - “confidential privacy” (AI<0.05) - “normal privacy” (AI<0.20) - “minimal privacy” (AI<0.35) Define measurement methods & tools These standards are widely used and of long standing. The first of them was originally published in 1969 and has been reaffirmed as recently as 1997

Fact #2: solutions are available now & they‟re cheap
• NRC-rated ceiling tiles absorb sound & can be used where appropriate • NRC-rated, portable panels absorb/block sound • STC-rated “high-TL curtains”separate patient beds & block sound • Some white noise systems meet the ASTM “oral privacy” standard (“normal privacy”=AI<0.2) • There is no need to build walls

Many solutions are literally “off the shelf”
• Tiles, panels, curtains & white noise are:
– rated to known & accepted standards – easy to implement – readily available – very affordable – involve no staff re-training

Blocking “speech intelligibility” is a best practice
• White noise (also called sound masking) – blocks the “intelligibility” of speech – was developed decades ago and used by DoD & others for whom oral privacy is a deadly serious issue (yes, loose lips still do sink ships) – is the most effective way to ensure oral privacy – creates a low-level background sound which matches the voice spectrum and is unobtrusive but extremely effective

White Noise: effective & affordable
• White noise or sound masking – Used to cost as much as a minimum of $15,000 plus $2.50 or more per square foot of treated area--but that was awhile ago… – Miniaturized, digital technology (better performance than the old way) now costs $150 (enough for a waiting room) or about $0.50 per square foot & can be used only where needed

Fact #3: Compliance can be measured & monitored
• Available instruments measure oral privacy objectively in order to: – set a benchmark based on a scale of “confidential privacy” or “normal privacy” – track compliance on a regular basis – maintain an objective record of compliance over time – can monitor compliance in numerous locations

Case Study: Chain Drug Store

Case Study: Hospital Nurses Station

Case Study: Hospital Compliance Complete Survey

Case Study: Mental Health Clinic

• • • • “Oral privacy” is protected The April „03 deadline is real Standards & best practices abound Compliance with the law can be measured • Solutions are available & cheap

Speaker Information
• Sue Miller may be reached via email at [email protected]

Sponsor Documents

Or use your account on DocShare.tips


Forgot your password?

Or register your new account on DocShare.tips


Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in