Privacy violations in an ER?
May 27, 2012 1:49 AM   Subscribe

Recently I had to spend a few hours in a psychiatric emergency waiting room where none of the staff seemed to have any consideration for the privacy of the patients being triaged there. Are any of the things I experienced violations of HIPAA or the like, and if so, what, if anything, would you do about them? (Details inside.)

These things happened:

1. The first waiting room was next to the initial triage room where patients were briefly interviewed, had their vitals taken, etc. The glass between these rooms must have been paper thin, because I heard every single thing every patient in there said.

2. While I was being interviewed, the charge nurse was interrupted several times by a subordinate. He asked questions about patients using their first AND last names. At no time during any of my interviews was the door shut.

3. One patient was doing her intake interview in the hallway outside one of the waiting rooms. There were a number of vacant rooms, so it seemed a bit weird to do pre-counseling in the hallway.

4. Another patient had her intake data taken IN the waiting room. Full name, home address, why she was there, where she worked--all right there in the corner while she cried in her pajamas.

Am I weird for thinking this is way over the top? Should I do something about it, and if so, what?
posted by xyzzy to Law & Government (11 answers total) 4 users marked this as a favorite
This document is what you're looking for.

Relevant sections (though the entire document is relevant):
Q: Can health care providers engage in confidential conversations with other providers or with patients, even if there is a possibility that they could be overheard?
A: Yes. The HIPAA Privacy Rule is not intended to prohibit providers from talking to each other and to their patients. Provisions of this Rule requiring covered entities to implement reasonable safeguards that reflect their particular circumstances and exempting treatment disclosures from certain requirements are intended to ensure that providers’ primary consideration is the appropriate treatment of their patients. The Privacy Rule recognizes that oral communications often must occur freely and quickly in treatment settings. Thus, covered entities are free to engage in communications as required for quick, effective, and high quality health care. The Privacy Rule also recognizes that overheard communications in these settings may be unavoidable and allows for these incidental disclosures.

For example, the following practices are permissible under the Privacy Rule, if reasonable precautions are taken to minimize the chance of incidental disclosures to others who may
be nearby:
* Health care staff may orally coordinate services at hospital nursing stations.
* Nurses or other health care professionals may discuss a patient’s condition over the phone with the patient, a provider, or a family member.
* A health care professional may discuss lab test results with a patient or other provider in a joint treatment area.
* A physician may discuss a patients’ condition or treatment regimen in the patient’s semi-private room.
* Health care professionals may discuss a patient’s condition during training rounds in an academic or training institution.
* A pharmacist may discuss a prescription with a patient over the pharmacy counter, or with a physician or the patient over the phone.

In these circumstances, reasonable precautions could include using lowered voices or talking apart from others when sharing protected health information. However, in an emergency situation, in a loud emergency room, or where a patient is hearing impaired, such precautions may not be practicable. Covered entities are free to engage in communications as required for quick, effective, and high quality health care.
Googled "hipaa emergency room intake", btw.
posted by disillusioned at 2:13 AM on May 27, 2012 [1 favorite]

Thanks. :) That's exactly what I needed to know. And kind of surprising, too.
posted by xyzzy at 2:26 AM on May 27, 2012

Yes and no. The institutional cost of HIPAA is already insanely high. It's a good law in that it keeps your information from being disseminated to horrible people and organizations with hefty repercussions in place. But there's a practicality that has to be observed: as the document says, quick, effective, and high quality health care trumps health care privacy in situations where the burden would be too great.

In your specific case, I'm really surprised that the nurses used names. My fiancee's a nurse supervisor (though NOT on the ER unit, so that may be different) and I've *never* heard her refer to patients by name. When I'm visiting on the unit, they use room numbers exclusively. I'm pretty sure this is their SOP even when visitors aren't there.

They also have semi-private rooms, and some shared rooms, and sometimes they have to overflow into the hallway. (They're a large level 1 trauma center, and they're modernizing their ICU, for instance, so things will get interesting since they'll be splitting an overflow unit with the ICU now.)

This is unfortunate, but I think you have to think of HIPAA as a law intended to keep people from nefariously accessing and using your private health data against you (future employers, muckrakers, corporations looking to market to you, etc.), and not so much as a guarantee that no one else in the hospital where you're actively being treated will overhear anything. It's simply not reasonably actionable in any meaningful way for most cases (what are you going to do with the information you overheard, for instance, even if you're intent is evil) and if you require a higher standard of privacy, you can probably request that no problem.

ER wait times are brutal enough without them having to assign and move you to a private intake room just to listen to you talk about where it hurts, to put it bluntly. Most people just want to get admitted as quickly as possible.

Your quality of care is their top priority. Your privacy is on the list, absolutely, but it's further down, and that's why that document specifically still allows for listing conditions outside patients rooms ("high fall risk", "diabetic diet") and the like: it's more important that that information be readily accessible and well disseminated than it is to place a barrier to it that slows down your care or could jeopardize it.
posted by disillusioned at 2:52 AM on May 27, 2012 [5 favorites]

It is also important to reflect upon how much money ERs lose for hospitals. Procedures have low reimbursement rates and the bad debt and charity care write offs are huge. If the government started to go after ERs for HIPAA, that would be just the excuse hospitals need to close their ERs.
posted by MattD at 4:41 AM on May 27, 2012

Just popping in to say that I worked as a nurse's aid in a busy ER for a few years in college, and I couldn't have answered your question better than disillusioned has. We had a color system on our charts in which one color meant that we had to take more care than usual with privacy. It was always on the charts of minors, DV victims, patients of gang-related violence, and psych patients.
posted by Kevtaro at 5:04 AM on May 27, 2012 [1 favorite]

Chances are the hospital has an ombudsman or patient advocate - why not call/send a note saying "I get that you have exigent circumstances, but the full names, addresses, etc. - come on, try a little."

Most hospitals (even emergency departments) that I've been in pay a little bit of attention to this, at least. The full names thing, I've never experienced - first names, yeah, but not surnames. No one really cares very much about symptom/diagnosis privacy (I have never been in a dedicated psych ER, but I have been in one where they did psych intake with everyone else.) But identity stuff they're a bit more cautious about, in my experience (which mostly predates HIPAA.)
posted by SMPA at 6:08 AM on May 27, 2012

Well, it wasn't really a typical ER. It's a dedicated psych ER that functions as a triage center for all the local hospitals. At the time I was there, it was deserted except for a couple of patients and about half a dozen staff members. I can totally understand not being able to control what everyone can hear at all times, but I truly was startled by the interview of a distressed patient IN the waiting room when there was literally an entire hallway of empty rooms. By the time he was done I knew where she lived, worked, some sordid details about why she was there, and the date of her last period. It was just so very odd. But apparently not any kind of violation, based on the document disillusion linked.
posted by xyzzy at 7:04 AM on May 27, 2012

Maybe the person doing the intake had a reason to prefer being in a common area because of the patient's particular symptoms, or the incident that precipitated their arrival?
posted by snuffleupagus at 7:35 AM on May 27, 2012

My hospital has a prominent sign at the intake area that says something like "privacy of conversations in this area can not be guaranteed". In smaller writing it tells you you can request a private interview if you like. I assume that would take longer.
posted by ctmf at 11:53 AM on May 27, 2012

HIPAA was passed to prevent employers, insurers and health care providers from discriminating against people based on their health conditions, and to protect people from having this information shared without their permission. It was not passed to make all health information so strictly secret and private that no human being can access or overhear it ever no matter what.
posted by croutonsupafreak at 1:06 PM on May 27, 2012

I just took HIPAA and IRB confidentiality training last week. The course indicated that it was acceptable to talk about patients/subjects in public areas if reasonable discretion was used.
posted by easy, lucky, free at 8:05 PM on May 27, 2012

« Older Replacement wheel for luggage   |   What the waltz? Newer »
This thread is closed to new comments.