Semi-private rooms—-violating HIPPA?

Home Forums General Discussion Semi-private rooms—-violating HIPPA?

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #26080
    PremedRNPremedRN
    Participant

    There is one thing I just cant understand with all these new HIPPA regulations that has come into effect. How are we not allowed to answer whether or not patient such and such is in the hospital, or disclose ANY information when a lot of hospitals have a semi-private rooms with only a thin curtain separating the two beds? Patients can overhear each others conditions, and this is clearly not very confidential. How can HIPPA regulations be legitimate, when semi-private rooms are allowed? This seems to be defeating the purpose. Any thoughts?
    —Dana

    #26081
    amykamyk
    Participant

    HIPAA (not HIPPA — Health Insurance Portability and Accountabilty Act, iirc) is rather thinly implemented all the way around. My husband works in hospital information systems, and I know a little about what goes into keeping patient info secure. There are gaping holes all over the system, and the main problem is money. Complete info security is extremely expensive to implement.

    The main goal, as I understand it, is to keep access to large stashes of patient info secure. To make it v. difficult, in other words, to dig up info on a specific individual or to simply steal entire patient-info databases. Some of this is easy (lock medical-records rooms, avoid having receptionists recite patients’ home/insurance data for everyone around to hear); some is not (find and pay for hospital systems software and networking that takes security seriously; train staff to ditch the password sticky-notes, say no to official-sounding voices they don’t know asking for info, and quit leaving patient data lying around). So while it is a breach of security to have the patient on the other side of the curtain listening in on his random roommate’s case, as far as HIPAA is concerned, this is a regrettable but minor problem.

    If you read the security and privacy sections in HIPAA, you’ll also see that many of the provisions are optional if the medical group can show it would be prohibitively expensive to implement them. Private rooms for all patients would fall under that rule.

    amy

    #26082
    PremedRNPremedRN
    Participant

    Yeah whatever, I just spelled it like we pronounce it at the hospital.
    I just have a problem with it not being okay to say yes such and such is here, and it being okay for the person on the other side of the curtain knowing how a patient’s pelvic inflammatory disease caused from a venerial disease is being treated.
    The hospital I work at—every inpatient has a private room. Most hospitals aren’t set up that way.
    So in other words, if it’s cost effective, your confidentiality will be protected.

    #26083
    maggie52maggie52
    Participant

    I agree, HIPAA is mostly for show and although the “thin curtain” is an excellent point, the confidentiality isn’t upheld anywhere else perfectly either!

    #26084
    amykamyk
    Participant

    I think there’s a big difference between “for show” and “thinly implemented”. I don’t think HIPAA is for show; the intent and the law are serious. The problem is in forcing hospitals etc. to do all that’s required by the law, incl. exploring security holes and documenting why they can’t afford to fix them and/or why they’re not serious problems. Part of the problem is medical groups’ having more immediate problems to deal with; part of it’s that few groups are used to thinking in terms of privacy, and many administrators are just ignorant of what it involves, why it’s important, etc.

    It is possible to force administration’s hand. But we’ve found here that it involves a good deal of admin education, a map of where the problems are (esp. in tech areas), and a summary of how to fix or at a minimum document. Many admins don’t realize that their liability can be absolutely enormous. Leave open patient data for a few tens or hundreds of thousands of people, and the ID theft potential is tremendous. Often you’ve got DOB, SSN, patient no., address, phone, and name of kin along with medical info; I imagine in some places you’ve got ID images. If security people aren’t very good or aren’t paying attention, they may not even know they’ve been robbed.

    I found the same problem with HIPAA’s earlier incarnation in the late ’90s, when it was primarily a “you keep your insurance if you lose your job” measure. Plenty of insurance co’s that had to be bludgeoned into paying for claims HIPAA made them responsible for. Did some of that myself.

    amy

    #26085
    amykamyk
    Participant

    PremedRN — well, almost. The hospital has to be able to show that it would be financially damaging. They also have to show they’ve explored the problem and costs to fix it. There are actually a few levels of privacy/security measures in HIPAA — required, required if you can afford it, and it’d be nice. An awful lot falls under “it’d be nice”. But have a look at it in the Federal Register if you want, it’s pretty straightforward reading. http://aspe.hhs.gov/admnsimp/FINAL/FR03-8334.pdf

    I have a feeling a good deal of this will come down to “reasonable standards” in the courts — if most hospitals find a particular privacy measure infeasable, all hospitals will be exempt.

    amy

    #26086
    AlyssaAlyssa
    Participant

    The thing that bothers me is the obvious violations that happen. At the hospital I work at, I go down for a snack in the cafeteria, and there is a department “Breakfast Meeting” happening. I can hear anything they are saying unless I deliberately try not to. They are talking about Tommy’s status on his lung problem…There is no way that that should be happening. If you want a “Breakfast Meeting” (Especially since it’s EVERY Saturday morning) get a “small dining room” (A small private room off the Main Dining Room.) I understand that people want things to be confidential, and I understand HIPAA trying to gaurantee this…but doctors and nurses need to understand that their patients are people and not just a case. That they have feelings. If it was one of those nurses that was being discussed, they would throw a fit.

    I work up in research and I NEVER know the persons name. I only get PID numbers or code names. Even then we DO NOT discuss things in the cafeteria…We always say…”I need to talk to you upstairs when you are done”

    Ok, end of rant…been wanting to tell someone of those doctors and nurses for awhile.

    #26087
    PremedRNPremedRN
    Participant

    Alyssa,
    You are right, that is a total breech. When we have our meetings with social services/case managers etc, we are in a closed off waiting room with the door shut. I cant imagine tha hospital allowing it any other way.
    That’s too bad.

    #26088
    DONOTDELETE ****DONOTDELETE**
    Participant

    Alyssa, the people to tell aren’t the doctors & nurses; it’s the legal dept or internal audit. In writing and save a copy. Check first on your ombudsman situation in case doctors get snarky and there’s some attempt at retaliation, more likely in some places than other.

    amy

    #26089
    DONOTDELETE ****DONOTDELETE**
    Participant

    whoops — forgot to mention whoever’s in charge of HIPAA implementation should be either addressed directly or copied on that note. The idea is to make it so none of the parties responsible for implementation can say they didn’t know. Once that happens, change is more likely.

    amy

Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.