GUIDANCE (Oct.
2006)
Questions
My co-workers say incidental disclosures of protected health information (PHI) are allowed under HIPAA if reasonable safeguards are used to prevent a patient privacy violation, but I don't know what that means.
- What is an incidental disclosure?
- What are some safeguards I can use and examples of specific situations where these practices can be applied?
- What is the right way to share information with the people who are treating a patient (the treatment team)?
Answers
General privacy principles founded in state law and the HIPAA Privacy Rules are not intended to prohibit the treatment team from talking to each other and/or to their patients. Of course, others outside the treatment team may be in the general area during these discussions and may overhear information that they do not need to know. While reasonable precautions should be used to avoid sharing patient information with those not involved in the patient's care, it is possible that minor amounts of patient information may be disclosed to people near where patient care is delivered or being coordinated. This is referred to as an incidental disclosure.
Privacy principles do not prohibit an incidental disclosure of patient information so long as reasonable safeguards are taken to minimize the disclosure. What is reasonable depends on the situation.
For example, in an emergency the need to provide quality care may necessitate loud communications. On the other hand, in a non-emergent situation, discussing a patient's condition in front of other patients, visitors, or family members in a hallway is not appropriate. The key is balancing the objectives of safeguarding confidentiality while engaging in communications for effective and high quality health care.
Reasonable safeguards include:
- Avoiding conversations about one patient in front of other patients or their visitors/families.
- Lowering voices when discussing patient information in person and/or over the phone.
- Avoiding conversations about patients in public places, such as elevators, public hallways, or the cafeteria.
Examples
The following examples illustrate how reasonable safeguards are used to minimize the chance of disclosing patient information to others who may be nearby:
-
Healthcare staff may orally coordinate services at hospital nursing stations, but should avoid yelling down the hallway or having conversations in areas where patients or visitors/families are standing.
-
Nurses or other health care professionals may discuss a patient's condition over the phone with the patient, a provider, or a family member, but should speak quietly.
-
Nurses or other health care professionals may discuss a patient's condition face to face with a patient, a provider, or a family member who is permitted to receive this information, but should do so in a semi-private area so to avoid others from over hearing the conversation.
-
A physician may discuss a patient's condition or treatment regimen in the patient's semi-private room, but he/she should ask the other patient's visitors/family to leave, pull the curtain, and speak quietly.
-
A health care professional may discuss test results with a patient or other provider in a joint treatment area, but should speak quietly.
-
Healthcare professionals may discuss a patient's condition during training rounds, but should speak quietly and avoid having conversations in public areas where patients and families are present.
Please contact the HIPAA Program Office at 4-9716 if you have any questions.
| Quick
Links: Accounting of Disclosures HIPAA Privacy Review HIPAA Reference Sheet Quick Reference Guide Useful Links HPO@bsd.uchicago.edu |
Call 4-9716 for more details.
The University of Chicago Medical Center | 5841 South Maryland Avenue | Chicago, IL 60637
HPOwebmaster@bsd.uchicago.edu