All across the country, emergency departments ditched their whiteboards for fear of violating patient privacy under HIPAA. Some misinformed patient safety officers also advised EDs to cover patient charts with colored plastic sheets to prevent laypeople from seeing patient information as they walked through the ED.
The results: Staff couldn't find patients, and sentinel events occurred, from x-rays being performed on the wrong patient to another receiving the wrong medications, and all of them experienced delays. An outside consulting firm hired to evaluate the performance of the emergency physician group and patient flow in the emergency department immediately faulted the leadership for these lapses, and instructed the emergency department to replace its whiteboard.
The Health Insurance Portability and Accountability Act, HIPAA, was passed in 1996, and even now, significant misunderstandings, myths, and convoluted reasoning about HIPAA remain.
The Privacy Rule was intended to provide federal protection for personal health information and to accord patients various rights about that information. The rule does, however, permit disclosure of personal health information needed for patient care. The law was never meant to endanger patients or to prevent physicians, nurses, hospital staff, and other providers from sharing personal health information (PHI) necessary for safe and effective patient care.
Confusion abounds about HIPAA, however, with myriad causes to blame, from delays and revisions of the original law and varying state laws to myths perpetuated by vendors and embellishments by accrediting bodies, notably the Joint Commission, not to mention the lack of clarity in the original law. Political battles, numerous revisions during the rulemaking by the Department of Health & Human Services, differing state requirements, variation in interpretation by different agencies, and a subset of unscrupulous marketers all created a cacophony of HIPAA misunderstanding.
Multiple commercial resources are available about HIPAA, but even the best may fail to clarify the law, particularly on penalties and risk. It is best to rely on a definitive source from the government directly. To its credit, the Department of Health and Human Services has been trying to dispel the myths that have been circulating all these years, largely through summaries, guides for the public and covered entities, and the “Frequently Asked Questions” on its web site. (http://bit.ly/HIPAA-FAQs.) HHS is now providing clearly worded, succinct, and easily accessible information to clarify what was intended under the HIPAA Privacy Rule.
The most dangerous HIPAA myths are those that result in not disclosing patient information necessary for patient care and safety. Particularly in an ED, physicians and other providers must have immediate access to patient information, including from private physician offices in the community. Unfortunately, this frequently doesn't happen. Information can be shared via fax, e-mail, or phone, and the Privacy Rule recognizes that oral communications often must occur freely and quickly in treatment settings. Covered entities are free to engage in communications as required for quick, effective, and high-quality health care. Of particular interest to emergency practitioners, the government recognizes that “in an emergency situation, in a loud emergency room, or where a patient is hearing impaired, such precautions may not be practicable,” and information may be overheard because sharing patient information is more important than privacy. The Privacy Rule also recognizes that overheard communications in these settings may be unavoidable, and allows for these incidental disclosures.
An improper balance between privacy and patient care can often be seen in the arduous precautions espoused by numerous “experts” as compared with the level of protections actually envisioned by HIPAA (e.g., hiding patient's identities so that health care providers cannot quickly and safely identify and locate patients).
Given the priority placed by the government on patient care and safety, not opposed to patient privacy but balanced with it, why have hospitals across the country been taking down their white boards that facilitate tracking ED patients? These boards have a specific purpose: patient safety. In a busy ED, it is imperative that all hands on deck know who is in the ED, where each patient is, and can at a glance distinguish between the room that holds a woman in labor and the room with the severe asthmatic. These boards, similar to ones in the OR, are a means of communicating patient information to everyone involved in patient care. They are for safety's sake, and are not prohibited by HIPAA.