The primary issues within this doctor’s office concern privacy. The following information should provide clarity on federal regulations concerning health care and privacy. Recommendations will follow.
Patient privacy is an integral aspect of any physician’s office and is mandated by both federal and state laws. With the implementation of the Health Insurance Portability and Accountability Act (HIPAA) Standard for Privacy of Individually Identifiable Health Information, the HIPAA Privacy Rule, these requirements have become more stringent. The HIPAA Privacy Rule takes precedence over state laws and details how the patient health information (PHI) can be shared. This rule is applicable to all forms of communication, including oral, paper, and electronic methods. For HIV patients, these requirements are even more stringent (U.S. Department of Health and Human Services, n.d.).
The U.S. Department of Health and Human Services (HRSA)(n.d.) identifies three major areas of concern for treating patients with AIDS while providing guidelines for health Information Technology (IT). These are as follows:
Privacy. There is a certain stigma applied to individuals who have been diagnosed with HIV. This stigma can cause social and professional discrimination. The information for patients with HIV can be shared only on a need-to-know basis. This means that this information cannot be shared with any individual or entity that is not involved in the treatment of HIV for this patient. When information does need to be shared for treatment purposes, the absolute minimum is allowable. Any further information is considered to be a HIPAA violation. This information cannot be shared with a physician who is treating the same patient for other issues. State laws may provide more stringent guidelines in addition to the federal laws.
Reporting. It is mandatory to release this information to the Centers for Disease Control and Prevention (CDC). Since this reporting requirement includes personal information, such as the patient’s name, there are certain considerations to apply. The information can be sent via the U.S. Postal Service (USPS) or it can be sent via e-mail., the manner of transmission must be secure. If e-mail is utilized, it must be encrypted to adhere to this regulation.
Complex Health Care Needs. The majority of HIV patients have other conditions that require treatment from another provider. These other conditions are considered to be comorbid due to the commonality with HIV, such as Hepatitis C, tuberculosis, AIDS-related cancers, substance abuse, and behavioral health issues, in addition to a variety of complex, expensive medications. Electronic health records (EHR) provides a comprehensive solution to coordinate care by track referrals issued from all care providers, clinical messaging, and sharing electronic records through a secured method. EHRs also provide the capability to allow patients to have access to their personal information and schedule appointments.
The primary threats to the HIPAA regulations can occur within the medical facility, other facilities that support the patient’s care, and from outside sources. ‘Accidental disclosures’ can occur when conversations are overheard or certain staff members or when monitor screens are invariably viewed by those who do not need to see that information. ‘Insider subornation’ occurs when anyone knowingly accesses patient information to release it to anyone else for any purpose. ‘Uncontrolled secondary usage’ occurs when others who may have access to the patient’s information exploits that information for any reason. ‘Unauthorized access’ pertains to access by those who do not have permission to view those records. This can include data theft, disgruntled employees, or anyone else who attempts to cause harm or damage. All of these issues present threats to the practice and are in violation of HIPAA laws. EHR provides the ability to combat these issues by providing availability to those who require this access, accountability to place responsibility on those who have access, limited access to reduce the amount of information that is accessible in order to perform job functions, and comprehensibility and control to provide clarity and effect control concerning all aspects of privacy and access (Rindfleisch, n.d., p. 7).
The simplest issue to correct is the patients’ ability to see the computer monitors from the waiting room. There are two options: rearrange the office space so that no monitors can be seen from the waiting room or invest in monitor privacy screens or filters. Privacy filters limit the side angles from which the screen can be viewed by approximately 30 percent. This restricts the screen from being seen unless one is directly in front of it. Privacy screens are available with a non-glare coating, which further limits unauthorized viewing (Optical Filters, n.d.). These screens are available at any business that sells computer equipment, including office supplies stores. The second issue is the waiting room conversation. First, that employee, and all employees, should receive specialized training concerning patient privacy issues and the HIPAA laws as well as state regulations. Second, that employee should be disciplined concerning the HIPAA violation. This action should be conducted in privacy. Third, effective policies concerning privacy need to be developed and in place to prevent these issues from reoccurring. Lastly, invest in EHR to apply effective solutions by providing the necessary security to ensure privacy.
References
Rindfleisch, T.C., (n.d.), Confidentiality, Information Technology, and Health Care. Retrieved on 19 April 2015 from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.18.2296&rep=rep1&type=pdf
U.S. Department of Health and Human Services, (n.d.). How Can I Maintain Patent Privacy in a Health Information Technology System? Retrieved on 19 April 2015 from http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/SecurityAndPrivacyIssues/howcanimaintainpat.html
U.S. Department of Health and Human Services, (n.d.), What Issues are Unique to HIV/AIDS Care with Respect to Health IT? Retrieved on 19 April 2015 from http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/Introduction/whtissuesruniq.html
Optical Filters, (n.d.), Privacy Filters. Retrieved on 19 April 2015 from http://www.opticalfiltersusa.com/privacy-filters.html
