PRIVACY ARTICLES: a series of articles written about privacy for individual publication or for group publication

Case Study

HIPAA Patient Privacy

Scenario: Twenty-five people are sitting in a physician’s waiting room. The receptionist is on the telephone with a patient. As the receptionist takes down the patient’s name, address and medical history, she repeats everything she writes in order to confirm its accuracy.

Issue: Health Insurance Portability and Accountability Act ("HIPAA") patient privacy violation? Yes! Twenty-five people now know this patient’s name, address and medical history. Fortunately, unless the patient complains about the disclosure now, you have until April of 2003 to develop and implement safeguards to such an egregious violation of the patient privacy laws.

Next Steps Towards HIPAA Compliance: Some but not all of the next steps include:

Discuss HIPAA compliance requirements and issues with your staff. It is critical that your staff begin to now develop an awareness of the requirement to protect confidential patient information.

Begin to examine all of the ways that patient information is currently disclosed for nontreatment, nonpayment and nonoperational purposes. This critical assessment is needed to protect the unauthorized disclosure of such information for these purposes. This assessment will also prepare you to answer patient inquiries regarding how their protected health information is currently being disclosed for such unauthorized purposes.

Develop written policies and procedures on maintaining the confidentiality of protected health information.

Designate a privacy officer to develop and implement the privacy compliance program.

Consider October 2002 as the effective date for compliance for the HIPAA transaction data set requirements.

Integrate your HIPAA compliance program into your fraud and abuse compliance program. These compliance programs share many of the processes in common and should be used to bolster one another.

It is not too early to begin to develop and implement a HIPAA patient privacy compliance program. October 2002 and April 2003, implementation deadlines for transaction data set requirements and patient confidentiality, respectively, are just around the corner!

For more information, please Call or E-mail

Articles page HIPAA page top of this article