Washington, DC (PRWEB) November 12, 2014
For its November issue, Atlantic Information Services, Inc.’s Report on Patient Privacy (RPP) obtained exclusive interviews with Emory Healthcare’s Anne Adams, chief compliance officer and chief privacy officer, and Vince Dollard, assistant vice president for communications, about the challenges they faced and strategies they employed in maintaining HIPAA compliance for the Ebola patients the hospital recently treated. While most U.S. hospitals will never care for a patient with Ebola, Emory’s experience offers important privacy lessons applicable to other types of high-profile patients.
In some respects, the groundwork for special privacy precautions had already been laid, Dollard and Adams explained. All Ebola patients were admitted to Emory’s Serious Communicable Disease Unit, which Dollard says was established in collaboration with the Centers for Disease Control and Prevention to treat that agency’s employees. By default, the names of individuals in this unit do not get added to the patient directory, and instead are assigned a status of “no information.” Not only does Emory not provide information about the patient’s condition, the hospital also neither confirms nor denies if the patient is being treated. Although the Ebola patients and their families gave interviews throughout their treatments, they “did not want to come off our formal ‘no information’ status and we respect their right to privacy,” Dollard told RPP. When faced with pushback from the media, Dollard said he routinely included links to information about HIPAA in email exchanges with reporters.
Internally, Adams said, Emory sent repeated email reminders to hospital employees warning against sharing information even if no patient names are used, and especially not on social media. The hospital also enabled controls on its electronic medical records system: employees who try to access Ebola patients’ information are stopped by a dialog box asking them to check a box indicating they were authorized to view the information before the system lets them view it. Emory is running audit trails to see who’s accessing these patients’ records.
Visit http://aishealth.com/archive/hipaa1114-02 to read the article in its entirety, which also includes an interview with John Burkow, associate director for communications and public liaison for the National Institutes of Health, on how the agency managed its communications and privacy for the two Ebola patients it treated.
About Report on Patient Privacy
Report on Patient Privacy is the health industry’s #1 source of timely news and business strategies for safeguarding patient privacy and data security. Published for hospitals and other providers, health plans and other HIPAA-covered entities and business associates, the 12-page newsletter focuses on privacy issues that can result in huge fines, penalties and public relations nightmares, including: security breach notification; business associate relations and agreements; and new federal privacy rules for marketing, fundraising, privacy notices, minimum necessary, patient rights and safeguarding privacy in EHRs. Visit http://aishealth.com/marketplace/report-patient-privacy for more information.
About Atlantic Information Services
Atlantic Information Services, Inc. (AIS) is a publishing and information company that has been serving the health care industry for more than 25 years. It develops highly targeted news, data and strategic information for managers in hospitals, health plans, medical group practices, pharmaceutical companies and other health care organizations. AIS products include print and electronic newsletters, websites, looseleafs, books, strategic reports, databases, webinars and conferences. Learn more at http://AISHealth.com.