Oral Communications and HIPAA Privacy
-
Upload
atima-hooda -
Category
Documents
-
view
220 -
download
0
Transcript of Oral Communications and HIPAA Privacy
-
7/31/2019 Oral Communications and HIPAA Privacy
1/28
Oral Communication:Myths & Facts
Susan A. Miller, JDWEDI-SNIP Security & Privacy Co-chair
The Kearney Group
-
7/31/2019 Oral Communications and HIPAA Privacy
2/28
The clock is ticking... Privacy Modification Final Rule -- 8-14-02
Stillretains minimum necessary & oral
communications requirements Compliance deadline is stillApril 03
incidental communication such as
overhearing a fragment of conversation is
permissible--only ifreasonable safeguardsare in place
So what is areasonable safeguard?
-
7/31/2019 Oral Communications and HIPAA Privacy
3/28
The clock is ticking... Privacy Guidance from OCR -- 12-3-02
Incidental Uses and Disclosures includes oral
communications Two Level Review:
1) reasonable safeguards
2) minimum necessary
Compliance deadline is stillApril 03 So what is areasonable safeguard?
-
7/31/2019 Oral Communications and HIPAA Privacy
4/28
GUIDANCE states ...
Oral communications often must
occur freely and quickly in treatmentsettings. Thus, covered entities arefree to engage in communications as
required for quick, effective, and highquality care.
-
7/31/2019 Oral Communications and HIPAA Privacy
5/28
Reasonable safeguards are not ... Structural changes
Encryption of wireless or other
emergency medical radiocommunication
Encryption of telephone systems
Soundproofing of rooms
-
7/31/2019 Oral Communications and HIPAA Privacy
6/28
OCR Guidance Covered entities also may take into
consideration the steps that otherprudent health care and healthinformation professionals are taking
to protect patient privacy. Best Practices, local, regional, national
-
7/31/2019 Oral Communications and HIPAA Privacy
7/28
OCR Guidance
In areas where multiple patient-staff
communications routinely occur, usecubicles, dividers, shields, curtains,or similar barriers as may constitute
a reasonable safeguard. Practical Advice
-
7/31/2019 Oral Communications and HIPAA Privacy
8/28
OCR Guidance
CEs must evaluate what measures
make sense in their environment andtailor their practices and safeguardsto their particular circumstances.
Practical Advice
-
7/31/2019 Oral Communications and HIPAA Privacy
9/28
Reasonable safeguards are... Standards-based solutions
Best practices-based solutions
Solutions that can be measured &monitored
Solutions that are neither onerous,burdensome, disruptive or expensiveto fix
-
7/31/2019 Oral Communications and HIPAA Privacy
10/28
Whos policing this? The regulation permits you to file a
complaint against a CE with the Office ofCivil Rights at DHHS
In reality, States Courts are alreadyusingthe HIPAA privacy regulation as thestandard of care to make judgments
See 60 examples atwww.healthprivacy.org
-
7/31/2019 Oral Communications and HIPAA Privacy
11/28
E.g.,99: Washington, DCA Washington, DC jury ordered a local hospital topay $25, 000 for failing to keep a patientsmedical records confidential. Coworkers
learned of the victims HIV status after anemployee at the Washington Hospital Centerrevealed information in his medical record.
-P. Slevin, Man Wins Suit Over Disclosure
of HIV Status, The Washington Post, 12-30-99, p B4
-
7/31/2019 Oral Communications and HIPAA Privacy
12/28
E.g.,98: CaliforniaIn 1998, Longs Drugs in California settled a
lawsuit filed by an HIV positive man. After apharmacist inappropriately disclosed the mans
condition to his ex-wife, the woman was able touse that information in a custody suit. However,rather than pursue the suit, the man chose tosettle to avoid a court trial that could result in
news coverageof his illness.Longs Drugs Settles HIV Suit, San Diego
Union-Tribune, 9-10-98, p. A3
-
7/31/2019 Oral Communications and HIPAA Privacy
13/28
E.g.,02: WisconsinA jury in Waukesha, WI found that an emergency
medical technician (EMT) invaded the privacy of anoverdose patient when she told the patients co-worker about the overdose. The co-worker then
told the nurses at West Allis Memorial Hospital,where both she and the patient were nurses. TheEMT claimed she called the patients co-worker outof concern for the patient. The jury, found thatregardless of her intentions the EMT had no right to
disclose confidential & sensitive medicalinformation, and directed the EMT and heremployer to pay $3000 for the invasion of privacy.
L. Sink, Jurors Decide Patient Privacy Was
Invaded, Milwaukee Journal Sentinel, 5-9-02
-
7/31/2019 Oral Communications and HIPAA Privacy
14/28
Reasonable safeguards are... Standards-based solutions
Best practices-based solutions
Solutions that can be measured &monitored
Solutions that are neither onerous,burdensome, disruptive or expensiveto fix
-
7/31/2019 Oral Communications and HIPAA Privacy
15/28
Six Myths & Three Facts
about Oral Privacy
Oral privacy is subjective(no its not)
Oral communication cant be measured or monitored(yes it can)
There are no standards or best practices for oralcommunication(yes there are)
Oral privacy issues will be expensive to fix(no theyarent)
Best solution is to retrain staff to be discrete(good
luck!)
We dont need to do anything thanks to loopholes in the
Rule(doing nothing is not a reasonable safeguard)
-
7/31/2019 Oral Communications and HIPAA Privacy
16/28
Fact #1: standards are objective,
well known & widely practiced ISO 60268-16
ISO 9921-1 ANSI S3.2
ANSI S3.5 (first published in 1969!)
ASTM 1130-90 ASTM 1110-01
-
7/31/2019 Oral Communications and HIPAA Privacy
17/28
What the standards do Define the measurement framework (AI)
Quantitatively define three levels of privacy
- confidential privacy (AI
-
7/31/2019 Oral Communications and HIPAA Privacy
18/28
Fact #2: solutions are
available now & theyre cheap NRC-rated ceiling tiles absorb sound & can
be used where appropriate
NRC-rated, portable panels absorb/blocksound
STC-rated high-TL curtainsseparate patientbeds & block sound
Some white noise systems meet the ASTMoral privacy standard (normal
privacy=AI
-
7/31/2019 Oral Communications and HIPAA Privacy
19/28
Many solutions are
literally off the shelf Tiles, panels, curtains & white noise
are:
rated to known & accepted standards easy to implement
readily available
very affordable involve no staff re-training
-
7/31/2019 Oral Communications and HIPAA Privacy
20/28
Blocking speech
intelligibility is a best practice White noise (also called sound masking)
blocks the intelligibility of speech
was developed decades ago and used by DoD
& others for whom oral privacy is a deadlyserious issue (yes, loose lips still do sinkships)
is the most effective way to ensure oral privacy
creates a low-level background sound whichmatches the voice spectrum and isunobtrusive but extremely effective
-
7/31/2019 Oral Communications and HIPAA Privacy
21/28
White Noise: effective &
affordable White noise or sound masking Used to cost as much as a minimum of $15,000
plus $2.50 or more per square foot of treated
area--but that was awhile ago Miniaturized, digital technology (better
performance than the old way) now costs $150(enough for a waiting room) or about $0.50 per
square foot & can be used only where needed
-
7/31/2019 Oral Communications and HIPAA Privacy
22/28
Fact #3: Compliance can be
measured & monitored Available instruments measure oral privacyobjectively in order to:
set a benchmark based on a scale ofconfidential privacy or normal privacy
track compliance on a regular basis
maintain an objective record of complianceover time
can monitor compliance in numerous locations
-
7/31/2019 Oral Communications and HIPAA Privacy
23/28
Case Study: Chain Drug Store
-
7/31/2019 Oral Communications and HIPAA Privacy
24/28
Case Study: Hospital NursesStation
-
7/31/2019 Oral Communications and HIPAA Privacy
25/28
Case Study: Hospital
Compliance Complete Survey
-
7/31/2019 Oral Communications and HIPAA Privacy
26/28
Case Study: Mental Health Clinic
-
7/31/2019 Oral Communications and HIPAA Privacy
27/28
Summary Oral privacy is protected
The April 03 deadline is real
Standards & best practices abound
Compliance with the law can be
measured Solutions are available & cheap
-
7/31/2019 Oral Communications and HIPAA Privacy
28/28
Speaker Information Sue Miller may be reached via email at