[ Login ]

Home | Contact | Subscribe | Events | Jobs | EZinfo | Classifieds |  DPRWorld RSS
themagazine modernsolutions share continuing_education webexclusives
 

Patient privacy

Don’t let your gift of gab lead to a security breach. by Angie Stone, RDH, BS

During World War II, troops consisted of drafted soldiers as well as volunteer members of the armed forces. However they came to be in active duty, the truth is that these folks were citizens turned soldiers and had no knowledge of how to conduct themselves so that valuable information would not be passed on to the enemy. To help prevent this information transfer from happening, the government began a campaign to make sure enlistees followed certain rules of conduct; all soldiers were given a written document that contained the rules. The following is a quote from the document Silence Means Security: “If violation of protective measures is serious within written communications it is disastrous in conversations. Protect your conversation as you do your letters, and be even more careful. A harmful letter can be nullified by censorship; loose talk is direct delivery to the enemy. If you come home during war your lips must remain sealed and your written hand must be guided by self-imposed censorship. This takes guts. Have you got them? Or do you want your buddies and your country to pay the price for your showing off?” The campaign was referred to as, “Loose Lips Sink Ships.”  

This campaign can easily be applied to dental offices in the 21st century. Just as silence meant security for our country, it means security for patients.

OPEN DESIGN,
OPEN CONVERSATIONS

Dental offices are bound to the principle of privacy, and this principle is best maintained when confidential issues are not openly discussed. If a patient is in a closed room, privacy is easily maintained. However, many offices have gone to an open design concept which fosters community and a free feeling—not one of  isolation. While this operatory design can be more comfortable for patients, it can be detrimental to maintaining privacy. Team members need to be mindful of what they can and cannot discuss in the open environment. Discussion topics that should be guarded to ensure privacy include, but are not limited to:
Oral health issues

• Treatment planning

• Medical updates

• Personal contact information updates

• Payment arrangements

The principle of privacy states that a healthcare professional must hold in strict confidence all information gained in the course of treatment; team members are never to discuss patients outside the office. And, while talk between staff members may not breach privacy, we all need to be mindful of others that may be overhearing conversations regarding private information. If others are within earshot they can repeat information heard, which would be an inadvertent breach of privacy. 

Any disclosure of private information could prove devastating to an individual. If the wrong person got a hold of the i obtained such information it could lead to the loss of the individual’s job, credit or insurance denial, or the inability to be self-employed. Staff faceStaff members face consequences as well; breaches of confidentiality can result in lawsuits against all involved. Medical professionals responsible for the dissemination of information could have their license revoked.

UNDER LOCK & KEY

Of equal importance is the responsibility to maintain the confidentiality of health records. Before the inception of computer technology, all health information was kept in paper folders in a file cabinet. Unless someone physically broke into the office and rummaged through the files, personal health information was relatively safe. With the age of electronic exchange of information many people are now able to see private health information. For this reason, all healthcare providers have been given rules of conduct, just as the military was in the 1940s. You know them as the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy Rule.
Passed by Congress in 1996,  it is important to note that HIPAA was initiated to set a standard for electronic transfers of health data. Many medical/dental personal do not understand this important specification. After adoption of this act, Congress saw a growing need to protect the privacy and security of health data. The task of developing rules to achieve this fell to the Department of Health and Human Services. They enacted the HIPAA Privacy Rule, which many dental office personnel confuse with HIPAA—it is this rule that the medical community is bound by regarding privacy of patient information.

Detailed guidelines for the clinical environment in the actual final version of the HIPAA Privacy Rule do not contain specific guidelines for the clinical environment. Covered providers are required to implement reasonable and appropriate safeguards for the size, complexity, available resources, and technical sophistication of their businesses. Reasonable and appropriate safeguards minimize the risk of inadvertent disclosures of protected health information without harming patients, harming the health or safety of others, inhibiting providers’ ability to obtain payment, or causing excessive disruption.

For instance, a hospital may consider locking some of its file cabinets which are unsupervised most of the time because it seems like a reasonable and appropriate thing to do, given the number of cabinets and the fact that not all of them are in secure or at least constantly supervised areas. A dentist with a filing system that is under staff supervision at all times during business hours and is not accessible to unauthorized persons might think that installing locks on the filing system may be going too far. Both are correct for their situation and in compliance with the HIPAA Privacy Rule because decisions were thought out and considered reasonable and appropriate.

Another example is the placement of daily schedules. Obviously patients should not be allowed to read the schedule. This does not mean, however, that it needs to be stored in a cabinet. Even if the patient can see them, can they read the names while sitting in the chair? Would moving the schedule to a different location make any difference? Would looking for the schedule waste the time of a busy staff member? Moving the schedule out of sight might be a reasonable solution, but using a smaller font size might be reasonable as well. In order to be compliant with the HIPAA Privacy Rule, offices need to think of a reasonable way to minimize the risk of a breach of privacy and then implement what works best for their individual situations.

Angie Stone, RDH, BS, spent five years on active duty in the United States Navy in the dental profession. After her enlistment ended, she spent the next nine years dental assisting before beginning her dental hygiene career, and has since served as an adjunct instructor of clinical and didactic dental hygiene and dental assisting. She also functions as a consultant for the Head Start Program and consults with dental business and hygiene operations through McKenzie Management. Contact her at angie@mckenziemgmt.com.

References

Bird and Robinson. Torres & Ehrlich Modern Dental Assisting. Edition: 7th. Publisher: Saunders
“HIPAA Basics, Medical Privacy in the Electronic Age” http://www.privacyrights.org, obtained 1-28-08 http://www.dhhs.gov/ocr/hipaa/privacy.html, obtained 1-28-08

“Loose Lips Sink Ships,” EyeWitness to History, www.eyewitnesstohistory.com (1997), obtained 1-20-08

1 of 1
 
Do you offer polishing for every patient?

Yes

No

I only do it if they request it