Question: We're a busy four-doctor orthopedic office, and our physicians are trauma surgeons for one of the few trauma hospitals around. One of our doctors asked whether there is a confidentiality violation in the surgery lounge at this hospital, possibly against him, because the names of the patients scheduled for surgery that day have their names posted on a big surgery board. Drug reps and other sales-related people and other employees (nurses, sanitation, et al.) frequent this lounge. Answer: As with all covered entities, hospitals need to make reasonable efforts to reduce the amount of patient information seen by visitors, says Kristen Rosati with Coppersmith Gordon Schermer Owens & Nelson in Phoenix.
First of all, is this is actually a violation? If it is a violation, does this doctor have the right to ask the trauma hospital to change its policy?
"While posting the surgery list in the surgery lounge certainly is not a HIPAA violation, if visitors regularly come to the lounge, the hospital might consider putting the surgery list in a binder to reduce the information seen by outsiders," Rosati explains. She says posting the surgery list is considered a "health care operations" function, and if an outsider sees the list, it is considered an incidental disclosure "as long as the institution has taken reasonable safeguards to minimize that exposure."