Oral Communications and HIPAA Privacy

Shared by: ZamsCLN
Tags
Stats
views:: 0
posted:: 11/30/2011
language:: English
pages:: 28
Public Domain
Document Sample
							Oral Communication:
   Myths & Facts
         Susan A. Miller, JD
   WEDI-SNIP Security & Privacy Co-chair
           The Kearney Group
      The clock is ticking...
• Privacy Modification Final Rule -- 8-14-02
• Still retains “minimum necessary” & “oral
  communications” requirements
• Compliance deadline is still April „03
• “incidental communication” such as
  overhearing a fragment of conversation is
  permissible--only if “reasonable safeguards”
  are in place
• So what is a“reasonable safeguard”?
      The clock is ticking...
• Privacy Guidance from OCR -- 12-3-02
• Incidental Uses and Disclosures includes oral
  communications
• Two Level Review:
  – 1) reasonable safeguards
  – 2) minimum necessary
• Compliance deadline is still April „03
• So what is a“reasonable safeguard”?
     GUIDANCE states ...

• “Oral communications often must
  occur freely and quickly in treatment
  settings. Thus, covered entities are
  free to engage in communications as
  required for quick, effective, and high
  quality care.”
“Reasonable safeguards” are not ...

• Structural changes
• Encryption of wireless or other
  emergency medical radio
  communication
• Encryption of telephone systems
• Soundproofing of rooms
          OCR Guidance

• “Covered entities also may take into
  consideration the steps that other
  prudent health care and health
  information professionals are taking
  to protect patient privacy.”
  – Best Practices, local, regional, national
          OCR Guidance

• “In areas where multiple patient-staff
 communications routinely occur, use
 cubicles, dividers, shields, curtains,
 or similar barriers as may constitute
 a reasonable safeguard.”
  – Practical Advice
          OCR Guidance

• “CEs must evaluate what measures
  make sense in their environment and
  tailor their practices and safeguards
  to their particular circumstances.”
  – Practical Advice
“Reasonable safeguards” are...

• “Standards-based” solutions
• “Best practices”-based solutions
• Solutions that can be measured &
  monitored
• Solutions that are neither onerous,
  burdensome, disruptive or expensive
  to fix
      Who‟s policing this?
• The regulation permits you to file a
  complaint against a CE with the Office of
  Civil Rights at DHHS
• In reality, States Courts are already using
  the HIPAA privacy regulation as the
  “standard of care” to make judgments
• See 60 examples at
  www.healthprivacy.org
E.g.,„99: Washington, DC
 A Washington, DC jury ordered a local hospital to
  pay $25, 000 for failing to keep a patient’s
  medical records confidential. Coworkers
  learned of the victim’s HIV status after an
  employee at the Washington Hospital Center
  revealed information in his medical record.
   - P. Slevin, “Man Wins Suit Over Disclosure
  of HIV Status,” The Washington Post, 12-30-
  99, p B4
   E.g.,„98: California
In 1998, Longs Drugs in California settled a
  lawsuit filed by an HIV positive man. After a
  pharmacist inappropriately disclosed the man’s
  condition to his ex-wife, the woman was able to
  use that information in a custody suit. However,
  rather than pursue the suit, the man chose to
  settle to avoid a court trial that could result in
  news coverage–of his illness.
  “Longs Drugs Settles HIV Suit,” San Diego
  Union-Tribune, 9-10-98, p. A3
  E.g.,„02: Wisconsin
A jury in Waukesha, WI found that an emergency
  medical technician (EMT) invaded the privacy of an
  overdose patient when she told the patient’s co-
  worker about the overdose. The co-worker then
  told the nurses at West Allis Memorial Hospital,
  where both she and the patient were nurses. The
  EMT claimed she called the patient’s co-worker out
  of concern for the patient. The jury, found that
  regardless of her intentions the EMT had no right to
  disclose confidential & sensitive medical
  information, and directed the EMT and her
  employer to pay $3000 for the invasion of privacy.
  L. Sink, “Jurors Decide Patient Privacy Was
  Invaded,” Milwaukee Journal Sentinel, 5-9-02
“Reasonable safeguards” are...

• “Standards-based” solutions
• “Best practices”-based solutions
• Solutions that can be measured &
  monitored
• Solutions that are neither onerous,
  burdensome, disruptive or expensive
  to fix
      Six Myths & Three Facts
         about Oral Privacy
• “Oral privacy is subjective” (no it’s not)
• “Oral communication can‟t be measured or monitored”
  (yes it can)
• “There are no standards or best practices for oral
  communication” (yes there are)
• “Oral privacy issues will be expensive to fix” (no they
  aren’t)
• “Best solution is to retrain staff to be discrete” (good
  luck!)
• “We don‟t need to do anything thanks to loopholes in the
  Rule” (doing nothing is not a “reasonable safeguard”)
Fact #1: standards are objective,
 well known & widely practiced

•   ISO 60268-16
•   ISO 9921-1
•   ANSI S3.2
•   ANSI S3.5 (first published in 1969!)
•   ASTM 1130-90
•   ASTM 1110-01
       What the standards do
•   Define the measurement framework (“AI”)
•   Quantitatively define three levels of privacy
•   - “confidential privacy” (AI<0.05)
•   - “normal privacy” (AI<0.20)
•   - “minimal privacy” (AI<0.35)
•   Define measurement methods & tools
•   These standards are widely used and of long
    standing. The first of them was originally
    published in 1969 and has been reaffirmed as
    recently as 1997
     Fact #2: solutions are
 available now & they‟re cheap
• NRC-rated ceiling tiles absorb sound & can
  be used where appropriate
• NRC-rated, portable panels absorb/block
  sound
• STC-rated “high-TL curtains”separate patient
  beds & block sound
• Some white noise systems meet the ASTM
  “oral privacy” standard (“normal
  privacy”=AI<0.2)
• There is no need to build walls
      Many solutions are
    literally “off the shelf”
• Tiles, panels, curtains & white noise
  are:
  – rated to known & accepted standards
  – easy to implement
  – readily available
  – very affordable
  – involve no staff re-training
        Blocking “speech
intelligibility” is a best practice
• White noise (also called sound masking)
  – blocks the “intelligibility” of speech
  – was developed decades ago and used by DoD
    & others for whom oral privacy is a deadly
    serious issue (yes, loose lips still do sink
    ships)
  – is the most effective way to ensure oral privacy
  – creates a low-level background sound which
    matches the voice spectrum and is
    unobtrusive but extremely effective
    White Noise: effective &
          affordable
• White noise or sound masking
  – Used to cost as much as a minimum of $15,000
    plus $2.50 or more per square foot of treated
    area--but that was awhile ago…
  – Miniaturized, digital technology (better
    performance than the old way) now costs $150
    (enough for a waiting room) or about $0.50 per
    square foot & can be used only where needed
Fact #3: Compliance can be
  measured & monitored
• Available instruments measure oral privacy
  objectively in order to:
   – set a benchmark based on a scale of
     “confidential privacy” or “normal privacy”
   – track compliance on a regular basis
   – maintain an objective record of compliance
     over time
   – can monitor compliance in numerous locations
Case Study: Chain Drug Store
Case Study: Hospital Nurses
         Station
   Case Study: Hospital
Compliance Complete Survey
Case Study: Mental Health Clinic
            Summary

• “Oral privacy” is protected
• The April „03 deadline is real
• Standards & best practices abound
• Compliance with the law can be
  measured
• Solutions are available & cheap
     Speaker Information
• Sue Miller may be reached via email at
  Sue@TheKearneyGroup.com