HIPAA, the “Health Insurance Portability and Accountability Act of 1996,” provides federal protection of patient health information. As part of our continuing efforts to educate employees, today’s HIPAA-related message is on minimizing incidental disclosures.
Question: What are incidental disclosures under HIPAA?
Answer: Incidental disclosures occur when people see or hear protected health information (PHI) when they do not have a “need to know” that specific information. The Privacy Rule permits certain incidental disclosures that occur as a by-product of another permissible or required use of the information. Health care providers must apply reasonable safeguards and disclose only the minimum amount of PHI necessary to accomplish the purpose of the communication.
Ways you can minimize incidental disclosures are:
- Don’t leave medical records open in patient care areas where visitors can read them.
- Avoid discussion of patient care issues in public areas. If there is no reasonable alternative, use lowered voices and minimize information discussed.
- Discuss patients’ conditions with relatives in private counseling rooms when available instead of the waiting room.
- Pull curtains in semi-private patient rooms and treatment areas.
If patients request communications in a more private setting, we must attempt to accommodate all reasonable requests.
If you’re a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.