Be prepared to identify "reasonable" safeguards to satisfy HIPAA
HIM Connection, March 28, 2003
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Dear Colleagues:
According to the HIPAA privacy rule, each covered entity is charged with developing privacy policies and safeguards for uses and disclosures that are the "best fit" for their organization. The term "reasonable" is used throughout the rule and refers to the legal principle that an action be judged on the basis of what a reasonable person would do under the circumstance. "Reasonable" is intended to make both the privacy and security rules scalable and flexible, so that all organizations (no matter the size) can adopt them as applicable to their environment. It is recognized that total privacy may never be accomplished, and so organizations should strive to take a reasonable approach to ensuring confidentiality. It must be noted, however, that "reasonable" does not necessarily mean what is common practice, if common practice is not considered reasonable for the situation.
A practical example of "reasonable" that has been widely discussed is the use of white boards in emergency departments. Although HIPAA does not explicitly prohibit white boards, there are both personal safety and privacy issues associated with identifying patients by name in a visible location in what tends to be the rather public environment of the emergency department. So, the question is: What can be "reasonably" done to better protect patient privacy? The following are suggested solutions:
- Use patients' first and last initials only.
- Use an X and Y to indicate male or female occupancy of a room.
- Evaluate acquisition of an automated emergency department location system which uses colors to indicate occupancy and status of activity in each room.
Claims that identity is required to help verify that the correct patient is being treated is not valid. Many emergency departments have not used patient names for a long time due to safety reasons. Furthermore, the identity of the patient should always be checked via use of a wristband and other characteristics that would be found in the patient's chart.
This week's HIM Connection was adapted from the book "HIPAA Made Simple: A Guide to Fast-tracking Compliance, Second Edition." This book provides you with a practical guide to implementing the administrative simplifications regulations under HIPAA. It's geared toward helping to ease your workload in these demanding days of preparing for HIPAA compliance. For more information, or to order your copy, click here.
Sincerely,
Kim Raines
Managing Editor
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- HIPAA Q&A: Level of encryption needed for email
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Hospitals are not bound by InterQual criteria for determining patient status
- ED-to-inpatient transfers are flawed with safety gaps
- Searched