Health Information Compliance Alert

Reader Questions Answered

Doctors Anonymous

Question: Are doctors required to remove their names from the outside of their buildings so that passers-by won't be able to tell what type of office patients are entering?
 
 - Oregon subscriber

Answer: "Absolutely not," says Michael Roach, an attorney with Michael C. Roach & Associates in Chicago. First, he says, the privacy rule requires health care providers only to take reasonable steps, "and it wouldn't be reasonable for all of these providers all over the country to remove their names from their doors."
 
Second, "it doesn't really reveal anything for you to know that I'm going to see Dr. Smith," Roach maintains. If the name on the door also says "psychiatrist," then it might reveal something about the entering patient, but the Department of Health and Human Services does not consider that to be a disclosure of protected health information, Roach states.

 

HIPAA Drama For Trauma Doc 

Question: We're a busy four-doctor orthopedic office, and our physicians are trauma surgeons for one of the few trauma hospitals around, so we're very busy! One of our doctors asked whether there is a confidentiality violation in the surgery lounge at this hospital, possibly against him, because the names of the patients scheduled for surgery that day are posted on a big surgery board. Drug reps and other sales-related people and other employees (nurses, sanitation, et al.) frequent this lounge.
 
First of all, is this actually a violation? If it is a violation, does this doctor have the right to ask the trauma hospital to change its policy?
 
- California subscriber

Answer: As with all covered entities, hospitals need to make reasonable efforts to reduce the amount of patient information seen by visitors, says Kristen Rosati with Coppersmith Gordon Schermer Owens & Nelson in Phoenix.
 
 "While posting the surgery list in the surgery lounge certainly is not a HIPAA violation, if visitors regularly come to the lounge, the hospital might consider putting the surgery list in a binder to reduce the information seen by outsiders," Rosati explains. She says posting the surgery list is considered a "health care operations" function, and if an outsider sees the list, it is considered an incidental disclosure "as long as the institution has taken reasonable safeguards to minimize that exposure."

 
Communicable Communication?

Question: An employee who works at our company has shingles and has been in contact with some pregnant women in our office. Can we disclose his name to these women?
 
- Kentucky subscriber

Answer: Shingles is a communicable disease, and there is a chance that the virus from a shingles patient may cause chickenpox in someone who has not had it before.   
 
But as far as HIPAA is concerned, questions such as these are essentially functions of state law, responds Stephen Bernstein, an attorney with McDermott Will & Emery in Boston. The threat of a communicable disease among your workforce constitutes a state law safety concern and isn't really driven by HIPAA, he says.
 
 "So HIV and all those kinds of categories of sensitive health information - other than psychotherapy notes - are totally driven by state law concerns," he explains. Therefore, you must consult state law before going ahead and disclosing the individual's protected health information to other employees without the individual's authorization.
 
One might be able to argue that protecting your staff's health can be considered part of your health care operations, which would then allow you to disclose the PHI without obtaining a signed authorization, says Bernstein.

But he's quick to add that even if the regs did allow you to categorize staff safety as a health care operation, you'd still have to check whether your state or local law places stricter limitations on such disclosures than HIPAA.
 
And does it matter which disease you're talking about - be it shingles, hepatitis or HIV? Again, go back to your state laws, since each state might have different protection requirements for different types of diseases, notes Bernstein.

The bottom line: While HIPAA was never intended to put anyone's health safety at risk, you'll still need to consult your state laws before announcing an employee's health information to any of your staff members.