Q&A: Making architectural changes to prevent disclosures

Q: Does the HIPAA Privacy Rule require facilities to make structural changes like soundproofing or private rooms in order to prevent disclosures that could occur from overhearing conversations?

A: No, the Privacy Rule does not require facilities to make structural changes. It does, however, require reasonable safeguards and minimum necessary policies and procedures to protect an individual’s privacy. Common safeguards include:

• Asking staff to speak quietly with family members in a waiting room or other public area
• Avoiding the use of patient names in public hallways and elevators
• Isolating or locking file cabinets and record storage areas
• Using password protection for computers that contain PHI

Editor’s note: This question was answered by Mary D. Brandt, MBA, RHIA, CHE, CHPS. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. She is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.