• E-mail
• Print
• RSS

Limit incidentals with a clear policy, practical steps

HIM Connection, December 6, 2005

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

When it comes to HIPAA, there's a lot of confusion about incidental disclosures, says Linda Rean, health information management supervisor at Seneca Healthcare District in Chester, CA. "Incidental, by its very nature, means that there are times when you can't protect or totally exclude somebody else hearing something." For that reason, your policy should follow the HIPAA statute when defining incidental disclosures. Incidental disclosures, according to HIPAA, are byproducts of otherwise permitted disclosures.

For example, consider a doctor in an emergency room giving a nurse detailed instructions for patient care. Even if a curtain is pulled and the employees speak softly, someone may overhear, Frank Ruelas, compliance officer for Gila River Health Care Corporation in Sacaton, AZ, says.

"Those things cannot be avoided," Rean adds. "They are incidental and don't need to be documented." However, you need safeguards to limit your incidental disclosures. Realize that even with those safeguards, just because a disclosure is incidental doesn't mean you won't hear about it again. You will likely need to address inappropriate use of information obtained from an incidental disclosure and also review and revise your incidental disclosure safeguards.

Make sure your safeguards don't incorrectly classify an inappropriate disclosure as incidental. A fax to an incorrect number, an inappropriate verbal discussion, or protected health information (PHI) left in a hospital cafeteria may be inadvertent, but they are not incidental disclosures, Rean says. Rather, they are inappropriate disclosures that you will need to investigate and track.

In addition to defining incidental disclosures and providing examples, your policy should suggest ways to limit them. "You have to have a strategy," Ruelas says. "Once you have a strategy in place, it gives you a good aiming point of how to conduct yourself so that you minimize the incidental disclosures that will occur."

This strategy doesn't have to be expensive; it just needs to make a difference.

"You need to make sure you're protecting against it, so when there is an incidental disclosure, it means little to nothing," Rean explains.

Ruelas and Rean suggest taking the following steps to prevent incidental disclosures:

• Confine patient discussions to patient care areas. This is a good baseline defense against incidental disclosures. "If two employees of a health facility go out to lunch, a really big no-no is to discuss patient healthcare," Rean says. Not only is this bad manners, but it's inappropriate-even in a hospital cafeteria. Generic references to a case are okay, but specific patient references are a bad idea, she advises. Leave patient discussions for areas in which patients receive care and your strongest privacy protections are in place.
• Create privacy at admitting stations Admitting stations are often inundated with patients signing in while admissions personnel talk on the telephone. Do your best to keep patients separate so private conversations are not overheard.
• Take sight-lines into account. At Seneca, nursing stations used to have low counters. To keep PHI out of sight, Rean raised the counter height and required employees to place all patient material on a lower counter, out of the normal line of sight. "It was a small detail, but it made a difference," she says. "[Although] that might have been an incidental disclosure if we had kept the old system, it wouldn't have been a best practice." She also suggests turning computer monitors to angles from which the public cannot view them.
• Use common sense on the phone. Take steps to avoid being overheard. If possible, close the door, speak at a reasonable volume, and avoid using a speakerphone when talking about patients over the telephone, Ruelas advises.

Editor's note: This article was adapted from HCPro's newsletter, Health Information Compliance Insider.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive