Don’t forget about your Patients: Help them, help you!
Recap: From employees to volunteers to trainees to management – everyone needs to undergo HIPAA training to learn what their responsibilities are in the workplace when it comes to keeping Patient information private and secure. They only have once chance to do it right – you can’t replace a Patient’s privacy once it’s lost!
But what about the Patient?
Just as the Doctors and hospital staff may all have been educated on HIPAA policies and procedures – it is important to educate Patients how to protect their own privacy, and the respect the privacy of other Patients.
Which leads us to ask: For the Patient – What should and should not be allowed in the hospital?
It used to be, that talking on cellphones was not allowed in the waiting room – and signs would be put up to remind Patients not to have phone conversations that might disturb other Patients.
Now that cellphones have become smartphones, and Patients can take photos and videos with them — do Clinicians and institutions create new policies to cover off on picture taking? Arguably a Patient, or their family and friends, while in the waiting room may take a picture and post on a non-secure site like Facebook – which is not just a disruption to other Patients, but a violation of their privacy!
I saw the sign.. and it said “no picture taking” in the Doctor’s Office.
Technically, Patients cannot violate HIPAA – but practices are still duty-bound to do all they can to create an environment that respects patients and their privacy
One solution is posting signage like the one below, that covers off on both phone interruptions AND any photographic or recording equipment.
Help them understand the rules, help yourself minimize the risks.
If you do post signage saying that picture-taking is not permitted. John C. Parmigiani, a nationally recognized expert in HIPAA compliance, advises hospitals to post signs at the entrance to the emergency department or near emergency department examining rooms stating that picture taking is not permitted. That way, if a visitor ignores the rules, takes a picture and posts it online, the hospital can at least demonstrate that it was exercising reasonable measures to protect patient privacy. “To me, the posting prohibiting picture taking would represent another example/level of ‘due diligence’ on the part of the hospital,” Parmigiani says.
Kate Borten, president of The Marblehead Group, a firm that provides information security and privacy consulting for the healthcare industry, concurs. Borten explains that the HHS expects healthcare providers to take “reasonable” measures to protect patient privacy, but also “accepts situations such as waiting rooms where patients can be seen by the public or a family member accompanying a patient to a bed in the ER. As long as the hospital wasn’t doing something out of the norm, then it shouldn’t have any liability when a member of the public snaps a picture.”
The spirit of HIPAA pushes not just for the respect of patient privacy by Clinicians, but other Patients as well. So do your part – and make the rules clear not just to your employees but to your Patients as well.
Don’t make your 15 minutes of fame be the result of a patient snapping pictures in your office and the legal nightmare and loss of patient confidence that ensue!