In response to a HIPAA breach at UMC that was reported to the Office of Civil Rights, UMC has reviewed our process. The problem we found was the designation of whether or not a patient was a privacy patient, security patient, or had requested not to have their PHI discussed in front of others, was not readily or easily seen by employees. With the help of several people this has changed. Now the Privacy/Security/Restrict Comm designation elected by the patient will appear in the banner bar, on the patient’s armband, the patient’s labels, the patient list, and the patient access list.
The patient will complete the “Acknowledgement of Receipt of Notice of Privacy Practices and Confirmation of Various Opt-Outs” (Acknowledgement). If the patient choses to be a Privacy patient, to restrict their communications, or both, the following will occur:
- Registration/admitting personnel will enter the patient’s election in IDX—this will cross over to Cerner. For direct admits that chose one of the various opt outs on the Acknowledgement, the nurse will contact the PPC. The PPC will enter the patient’s choice in IDX.
- The process for how a patient requests to be a Privacy patient will not change; see PC-24, “No Information/Privacy” Status for Patients.
- The process for how a patient requests to restrict having his/her medical information discussed in front of others has not changed, see PS-77.1, Requesting Restrictions of Communication of PHI to family and Close Personal Friends.
- The process for how a patient is designated as a Security patient will not change; see PC-36.2, “Security” Status for Patients.
- Registration/admitting personnel will scan the Acknowledgement into Onbase and send the Acknowledgement to HIM to be scanned into Cerner. The Acknowledgement may be found under consents.
