HIPAA Compliance- posting patient names on assignment board - page 2
by ivorybunny 13,182 Views | 20 Comments
I was wondering if anyone has heard about this or is experiencing this as well. I work on a cardiac tele unit with 52 private rooms. It's a very large unit and it has two distinct nursing stations. On each nursing station there... Read More
- 1Jun 20, '10 by NRSKarenRN Admina hospital customarily displays patients' names next to the door of the hospital rooms that they occupy. will the hipaa privacy rule allow the hospital to continue this practice?
the privacy rule explicitly permits certain incidental disclosures that occur as a by-product of an otherwise permitted disclosure—for example, the disclosure to other patients in a waiting room of the identity of the person whose name is called. in this case, disclosure of patient names by posting on the wall is permitted by the privacy rule, if the use or disclosure is for treatment (for example, to ensure that patient care is provided to the correct individual) or health care operations purposes (for example, as a service for patients and their families). the disclosure of such information to other persons (such as other visitors) that will likely also occur due to the posting is an incidental disclosure.
incidental disclosures are permitted only to the extent that the covered entity has applied reasonable and appropriate safeguards and implemented the minimum necessary standard, where appropriate. see our section on incidental uses and disclosures. in this case, it would appear that the disclosure of names is the minimum necessary for the purposes of the permitted uses or disclosures described above, and there do not appear to be additional safeguards that would be reasonable to take in these circumstances. however, each covered entity must evaluate what measures are reasonable and appropriate in its environment. covered entities may tailor measures to their particular circumstances.
- 0Jun 20, '10 by meandragonbrettWe have a white board with Adm. date, last name, surgeon, what ICU consult for ICU management, and the day/night nurse. Nobody has ever said a word. All of our ICUs do it this way. Joint Commission just recently visited and had nothing to say either.
Some people in administration like to think up new and creative policies and are quick to pull "Joint Comission or HIPAA says..."
- 0Jun 20, '10 by Zookeeper3Mind you my unit is smaller, but our step down with 38 patients used to list names. Instead... due to multiple compounding regulatory agencies... no name is displayed anywhere. You are expected to ask the identity of each patient and compare it to their ID band each time you enter the room. If the patient cannot comply, you manually look at the arm band and identify two identifiers, the DOB and med. record number. All our meds are scanned by this band.
This way, confidentiality is ensured and is private in each room... you never know who wanders where as far as visitors and having names posted sets you up. Just check each time, in each room and you are safe.... so is your patient.
- 1Jun 20, '10 by HeartsOpenWideIf some one directly asks to be sent to so and so's room then we will transfer them unless they specifically ask for no calls. If some one calls and ask if Jane Doe is there and/or indicates they are calling to find out if she is having a baby at our hospital because they do not know; then we can not give that information out. If some one is in the hospital and they want people to know then they will tell people. And as far as emergency situations go, its only immediate family that gets to know when they ask...not just anyone that calls.
You can not even call the Best Western and say "Do you have a Sam Jones staying there?"
- 0Jun 20, '10 by CalixanWhen I read this, I could have sworn you worked at my hospital. We do the exact same thing. Only difference is, your unit has 52 beds vs. ours only having 51 lol. We have three nurses stations since it's such a big unit and their are assignment boards at all three. We put (name alert) if someone has the same last name instead of putting the first initial but everything else is still the same. Funny thing is, I was just talking about that being a HIPAA violation about 2 weeks ago with fellow co-workers. Guess we weren't the only ones wondering.
- 0Oct 13, '10 by bmcranjanto be a breach...it has to cause certain harm and a critical mass. meaning breach has a threshold, harm threshold and number of patients threshold.
in your situation, name is breached, no other information. let us consider this situation, if the unique patient turn over is an average 2 days, in a year you have given out the names of about 1000 patients! that qualifies the critical mass!
what about the the harm threshold? only the name!
i do not see any financial harm...do you? (no socialsecurity,bank account or credit card information is given out)
reputational harm... nope, any? (would patient really care if someone knows he/she is in the hospital?)
other harm...cant think of anything.
that means, the breach need not be notified. in fact, it is not a breach which needs action to be taken or fines to be imposed!
however, let us shift the gears, take a name...say david wolfe, a google search reveals that there is a news item on that name!
who is he? his name is davidwolfe,and if you don't know him,he happens to be the most recognized super‐ nutrition authority whose fans and clients includet.harv eker, tony robbins, angela bassett, woody harrelson,and hundreds of thousands more.
he reveals step‐by‐step what to eat and what to do for immediate immunity transformation. david wolfe has been a professional nutritionist forover 16 years now and is a highly respected raw food and super food guru (or as he calls it, a "gastronaut"). known as david"avocado" wolfe or "the chocolateman," his knowledge is extensive and he believespowerfully in the statement, "what you eat becomes you. "he said,"i’m never sick. ever. i’ve pre‐loaded my body with super foods and super herbs."
now reconsider the harm threasholds:
financial harm - yes, no one will buy his product, or even sue him if they come to know he was sick and in your hospital!
reputational harm! ofcourse, his reputation of never been sick is gone!
other harms...may be...possible, one of his customer gets mad...and .....could be!
thats a breach! and all the chances patient may sue you for violation!
better be careful than create a situation to my hospital, isn't it?
so called hipaa experts are there to tell us, what to do, when we are in doubt, not to give us trouble!
(thanks to davidbehinfar,jd,llm,chc,cipp for this example)
you may connect with me if you have questions.Last edit by NRSKarenRN on Oct 13, '10 : Reason: Email safety edit -see profile.
- 0Jul 15, '12 by sharpeimom Guidewhen my great aunt was hospitalized and was gravely ill, it became tough to keep five generations of relatives updated on her condition when we were spread all over the country and beyond. plus which, it had to be done without panicking a couple of elderly relatives. we didn't want to depend on the generation above mine for updated info, but we needed to know. our solution?
if we called the hospital, we used my great grandmother's last name as a password. we then shared information, test results, how she was, how had visited in person etc. in emails that went to each of us as a group.
it meant we didn't have to bug the staff quite as much.
she, who had referred to herself as "an unclaimed treasure" for decades, could have her information shared freely with
the family, yet keep what she chose private from the nosy church circle ladies.
- 0Jul 16, '12 by jadelpn GuideMale, 56, CHF--then the doctor and nurse listed by room number. We have a white board, each room listed down the side, and the information across. It is funny, the names don't mean much--as most nurses describe patients as "the fractured hip in 553". and the doctor just wants to know where the patient is and what is wrong with them and who the nurse is. I would assume when they admitted the patient they would know who they are....or they could then grab the chart.....