Health Information Compliance Alert

READER QUESTIONS:

SHOULD WE SOUNDPROOF OUR OFFICE?

Question:  I'm a physician in a small practice.  The walls in our office are kind of thin and you can sometimes hear voices through the walls.  Are we in violation of the Privacy Rule?  In order to be compliant, should we remodel so all the rooms are soundproof?


Texas Subscriber


Answer.  No, you are not in violation.  Covered entities, while required to make "reasonable efforts" to safeguard a patient's personal health information (PHI) and maintain privacy, are not required to eliminate all risk of PHI disclosure, according to the HHS Web site.
 
Thus, nothing in the Privacy Rule specifically requires facility renovation or significant physical restructuring.   So, for example, according to HHS, none of the following measures would be necessary to demonstrate compliance with the Privacy Rule:

• Soundproofing
• Private rooms
• Encryption of emergency medical radio/wireless equipment
• Telephone encryption

Alternatively, HHS notes that some reasonable measures to secure patient privacy might include:

• In a pharmacy, asking waiting customers to stand back from the counter while a customer receives counseling.
• In areas (for example, in a clinic or triage area) where multiple patients are receiving treatment and/or talking to their physician(s), using cubicles, dividers, shields, curtains, or similar barriers to offer some privacy.
• Ensuring that patient files are supervised or locked.

The bottom line: HHS cautions that covered entities are responsible for reviewing their own practices and determining their specific privacy needs.  A covered entity should have a clear, realistic sense of what the most pressing and dangerous privacy threats would be in its individual case, and will have to balance efforts to minimize or eliminate these threats with financial concerns (for example, financial concerns that might preclude a small practice from doing a costly renovation).  

HHS suggests that covered entities get some ideas for what they should be doing by checking out what other "prudent health care and health information professionals" are doing to safeguard patient privacy.

Other Articles in this issue of

Health Information Compliance Alert

View All