Maintaining patient privacy during an emergency

Terrie B. Estes (terrie.estes@YNHH.ORG) is Vice President, Corporate Compliance & Chief Compliance Officer, Yale New Haven Health, in New Haven, CT. Peter A. Khoury (pkhoury@deloitte.com) is a Deloitte Risk and Financial Advisory Senior Consultant in Deloitte & Touche LLP’s Philadelphia office. Kaitlin McCarthy (kaimccarthy@deloitte.com) is a Deloitte Risk and Financial Advisory Senior Manager in Deloitte & Touche LLP’s Boston office.

In healthcare, every day brings about new emergencies, and compliance professionals are often tasked with assisting their organizations to navigate through them. To patients and their families, every emergency is significant and requires discretion and privacy of patient health information. A visit to a hospital often evokes fear and anxiety, not only for the patient, but also for their families and loved ones. Each type of emergency may require a different level of use and/or disclosure of protected health information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), with the potential of requiring disclosure to government, public health, relief, or other entities. Some events may even bring about immense, and sometimes challenging interest from media outlets.

To prepare and respond efficiently to these situations, compliance professionals should:

  • understand the governing rules and regulations associated with using and disclosing patient information;

  • evaluate the need to create policies, procedures, and trainings that outline how to handle patient information; and

  • plan and develop different scenarios with colleagues.

Recent events have also brought about clarification and reinforcement from Health and Human Services (HHS) to commonly accepted practices for disclosing patient information during emergency situations. Many emergencies are different in one element of the incident or another, and how one may respond can depend on various facts and circumstances. Establishing a management response plan with defined roles and a designated team may facilitate a faster and more coordinated proactive response.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field