 |
 |
  
|
|||||
|
|
Managing Your Practice Protect Your Patient's Right to Privacy1
|
|||||
|
Every medical practice and hospital has an obligation to ensure the confidentiality of patients' medical information and the patients' privacy. While not common, lawsuits that allege a breach of privacy are costly and difficult to defend. With a heighten awareness of patients' right to privacy both on the national and state levels, health professionals should know what medical information state and federal laws require them to hold confidential. The following situations could expose physicians, nonphysician clinicians, nurses, and office personnel to liability if confidential medical information is improperly disclosed; however, if these situations are properly handled, patients' privacy can be protected and physicians' liability risks reduced: Make certain that a patient's written authorization to release information is in his/her chart. Physicians and their employees must avoid disclosing confidential patient information by telephone to unauthorized persons. Anyone can claim to be an attorney, insurance representative, or employer authorized to receive confidential information. Unless one has positive identification of a caller, giving out any medical information is risky. Even with the patient's permission, the caller's identity should be verified by asking the caller to leave a telephone number you can check and call back. Be wary when callers refuse to leave a phone number and insist on calling again. To facilitate telephone inquiries from a patient's health insurer, employer, or attorney, first obtain the patient's written authorization to release information. Ask the requesting party to submit its first inquiry in writing on letterhead or a form which includes the company's name, address and telephone number. Assign a random code number to the claim and tell the representative that the code must be mentioned to obtain status reports by telephone. (Do not use the insurer's claim number or the patient's social security number, as they are not necessarily confidential.) Use a similar system for requests for status reports from workers' compensation carriers. Office personnel should never be pressured into releasing information on the telephone if proper authorization has not been provided. Reputable insurance representatives, lawyers and others are aware of the confidentiality laws and do not insist that a patient's privacy rights be ignored. The safest approach to ensuring confidential information is properly released on the telephone is to submit status reports to requesting insurers, attorneys and others in writing. Except in emergencies, a patient's authorization is required to release information to new physicians or other health care providers. Patients should be made aware that medical information is customarily shared between referring and co-treating physicians. Inquiries from a patient's family or friends In many states, a spouse is not entitled to know confidential medical information about the other spouse simply because they are married. Similarly, without written permission, concerned relatives and friends have no right to know another person's confidential medical information. To avoid disputes about who is entitled to receive a patient's medical information, ask patients on their first visit to list the names of those individuals, including a spouse or adult children, to whom medical information may be released. MIEC's Welcome to Our Office registration form provides a space where patients can write the names of people authorized to receive medical information without additional written consent. For a copy of the form, contact MIEC's Loss Prevention Department or download the form from our website at www.miec.com. Click on "New to Practice?" or "Policyholder login," then "Loss Prevention newsletters," and "Forms." Before surgery, ask patients to identify one person to whom the surgeon can give a postoperative report that can be shared with other relatives and friends. All inquiries from concerned family and friends can be referred to the designated person. State laws identify what types of medical information a physician can disclose to the parents or guardian of a minor patient. In a number of states, a physician may be barred from disclosing to a minor's parent the fact that the minor has been treated for a sexually-transmitted disease, drug or alcohol abuse, or pregnancy-related conditions. In some situations, disclosure to a parent about a minor's treatment may be at the physician's discretion. Contact county and state medical associations for information about specific state laws concerning privacy rights of minors; MIEC's Loss Prevention Department can answer general liability questions about the rights of minors and disclosure of medical information. Inform your staff of restrictions on disclosure of medical information as it pertains to minors. Drug, alcohol and mental health treatment information and disclosure of HIV status Federal and/or state laws may prohibit disclosure of any information about mental health, drug or alcohol abuse treatment, or a patient's HIV test result, unless the patient specifically consents. Some states require separate release forms for records relating to these medical conditions. Call MIEC's Loss Prevention Department if you are in doubt about your state's specific requirements, or contact county and state medical associations for state-specific laws about disclosure of HIV test results, and drug, alcohol and mental health treatment information. Phone messages to a patient's home or place of employment Leaving messages concerning medical treatment or test results with another person at a patient's residence or place of employment may violate the patient's privacy, unless the patient has authorized you to do so. Rather than giving information about test results or medical recommendations, leave your name and phone number, and a request that the patient return the call. Some attorneys recommend that callers not indicate the call is from a physician's office or hospital. Avoid leaving messages at a place of unemployment unless the patient has indicated you may do so. Note: Leaving a message advising a patient to call back for significant medical information, such as a positive lab test or X-ray report, may not relieve the provider of responsibility to inform the patient should the patient fail to return the call. The person who takes the message is not obligated to ensure that the patient receives it. And, for a variety of reasons, the message may not reach the patient in a timely manner. Keep track of such calls; if the patient does not respond within a reasonable amount of time, make another attempt or send the patient a certified letter that includes information and an explanation of its significance or a request that the patient promptly call the office. As persons other than the intended recipient might have access to answering machine playback, avoid leaving confidential messages on these devices. Instead, leave only a name and telephone number and ask the patient to return the call, or ask patients for permission to leave messages on their answering machines. MIEC's Welcome to Our Office registration form provides a space where patients can indicate that they have an answering machine, and can mark "yes" or "no" in response to whether office personnel may leave messages on it. Using e-mail to communicate with patients Before using e-mail as a form of communication with patients, ask yourself a few questions. How will you use e-mail in your practice? Will you invite patients to submit questions about their health concerns? Do you intend to advise them via return e-mail to: (1) come to the office for examination; (2) provide more information, so that you can respond more meaningfully; (3) go to an emergency department; or, (4) follow medical advice contained in your e-mail reply? If you answered "yes" to any of these questions, consider whether the ease of communicating with your office by e-mail will encourage patients to seek medical advice or treatment recommendations by e-mail as an alternative to an appointment or examination. For a complete discussion about e-mail, see Special Report Claims Alert, Number 24, titled "Using e-mail to communicate with patients and other health professionals: What are the pros and cons?" If confidential test results are mailed to patients, send them in a sealed envelope. Do not use a post card, which might be read by others and embarrass the patient. Liability specialists recommend that appointment reminder notices also be sent in sealed envelopes. Some patients do not want others to know that they are seeing a doctor. When physicians send medical information by facsimile ("fax") devices (with a patient's authorization), they should take steps to ensure that the information is transmitted to the correct facsimile telephone number. To avoid breaching a patient's privacy, use a fax machine that records the number to which the fax was sent, so that it may be double-checked, or call the receiving office after the transmission for confirmation that the confidential information has been obtained. Conversations in reception, treatment and dining areas Crowded conditions, limited space, the proximity of telephones to patients waiting in reception areas, and inattention may allow others to overhear intimate details of private medical conversations. Physicians, nurses, other health care providers, and office staff should make an effort to conduct confidential conversations and sensitive phone calls in private areas of the office or hospital. Avoid using patients' names when being overheard is unavoidable. It is unethical and unprofessional (and probably illegal) for health care employees to discuss a patient's case with colleagues or friends who are not involved in caring for the patient and therefore have no right to know this confidential information. When possible, close doors to treatment areas to assure patient privacy. Physicians and others should avoid discussing patients' cases or any confidential matters in corridors, elevators, or dining areas where passers-by may overhear. Even when actual patient names are not disclosed, the fact that health professionals openly discuss confidential patient information suggests to those who might overhear that no one's privacy is respected. Store medical records in a secure location Medical records, laboratory, X-ray, and consultants' reports should not be left on desks or counters where unauthorized persons may see them. Store charts in a secure location that can be locked at night. Ensure that computer screens, on which medical information may be logged, are not visible to passers-by. Check your software program for the ability to "password protect" your screen saver. For example, Microsoft Windows has this capability. Once set, the screen saver cannot be disengaged by moving the mouse unless the user has the screen saver password. Mandatory disclosure of confidential medical information A number of states have laws that require physicians to report to health agencies the names of patients who are diagnosed as having a communicable or contagious disease or conditions characterized by lapses of consciousness. Most states require health professionals to report cases involving suspected child and elder abuse or an individual's stated threat to harm another. In addition, physicians may be required to disclose medical information to coroners and, in some circumstances, to law enforcement agencies. As state laws vary and change periodically, health professionals should consult their medical association or MIEC for information about current mandatory reporting requirements. 1Adapted with permission from the Loss Minimizer section of Medical Liability Monitor, September 1991.
|
|||||||
|
|||||||
