Q&A: HIPAA protections for famous patients

Q: Is there anything that a hospital needs to do regarding HIPAA and the confidentiality of famous patients? Obviously employees shouldn’t snoop, but can you recommend any added protections?

A: Patients may be admitted under an assumed name, or alias, to protect their privacy. Your organization should have policies and procedures for handling requests by patients who are identified by an alias.

Educating your staff is also critical. All employees need to understand that they may only access patient information if they need to do so to perform their assigned tasks. If they access patient information without a need to know, they should be subject to disciplinary action, up to and including termination.

If you have an electronic health record, audit trails should be evaluated during the patient’s hospitalization and after discharge to determine if any unauthorized individuals have accessed the patient’s record, so disciplinary action can be taken.

Editor’s note: This question was answered by Mary D. Brandt, MBA, RHIA, CHE, CHPS. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. She is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.