Health Information Management

Q&A: Surgery schedule posting vs. HIPAA privacy

HIM-HIPAA Insider, June 14, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: Posting the surgery schedule has been a recent topic of discussion at our hospital. Who should receive a copy of the surgery schedule? Does posting the schedule at nurses' stations as a reference for unit clerks violate HIPAA? Our business office also receives this information, which it requests for workers' compensation issues.

A: The minimum necessary standard should govern distribution of the surgery schedule. Specifically, the schedule should be available only to those who need it to perform their jobs, and those staff members should receive only the information they actually need.
 
Review the current distribution list to determine which individuals or departments receive copies of the schedule. Then contact all of them and ask why they need the information, what they do with it, and the what the minimum amount of information is that they need. You may find that many recipients are receiving the list because they like to know who's having surgery, but don't have a legitimate business need for the information.
 
Consider creating two versions of the surgery schedule. One version could be the full schedule, including the specific surgical procedures being performed. Surgery staff may need this version for scheduling and room setup. Nursing administration may need it to determine staffing ratios.
 
The second version could omit the specific surgical procedures. Staff could use this version in the surgery waiting room to help answer family members' questions and to direct surgeons to the appropriate families for postoperative updates.
 
Unit clerks and the business office are unlikely to need a copy of the full surgery schedule. Posting the full schedule at nursing stations for anyone to view is unacceptable.
 
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question in the June issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular