Protecting a patient’s right to privacy is a big deal for health care providers, including Cook County North Shore Hospital & Care Center. Employees sign a confidentiality agreement and receive training in HIPAA— the federal Health Information Portability & Accountability Act. Helping everyone stay in compliance is Teresa Hanson, the hospital’s privacy officer. On August 22, 2013, she briefed the hospital board on what this entails.
Privacy is more of an issue now than it used to be, and practices have changed because of it. The food preferences of Care Center residents can no longer be displayed on a white board in the kitchen. Supplies with their names on them can no longer be visible from open cupboards.
Computer security is a new area of confidentiality that must be addressed. Emails with client information on them must be encrypted and include statements about who is and is not entitled to view the contents. Business associates have mutual confidentiality agreements.
“The biggest breach in all hospitals is overheard conversations,” Hanson said. Hospital employees are only allowed to exchange or view information that is necessary for the task at hand. Even doctors must leave an “electronic footprint” of where they have been in a patient’s records. Co-workers try to remind each other to be mindful of potential HIPAA violations.
Greg Johnson, the hospital’s information technology specialist, said they avoid storing patient information on individual hard drives, but when that’s not possible, they get them professionally destroyed when the hard drives are replaced. They have security measures for people using PDAs and iPhones, but they require extra steps. “Often security isn’t convenient,” he said.
Every user in the hospital’s computer system has a secure password that is a bit complicated, Johnson said. It must have capitals and lower case letters, a symbol, and a number. He coaches employees on how to come up with a phrase they can easily remember that will give them clues regarding their password, such as, “Today I spent $20 on shoes.”
The hospital backs up the information on its computers and keeps backups in two separate, secure places. They could do “cloud” computing in which data was stored in cyberspace, but that would be more expensive, Johnson said.
St. Luke’s President John Strange and Vice-President Sandra Barkley said ex-spouses, grandchildren, and daughters-in-law peeking into medical records without authorization tend to be the most common violators of confidentiality among employees.
HIPAA violations are violations of law, and medical facilities are held legally responsible for them, even when an individual employee is the violator. Because of this, insurance does not cover damages related to security breaches.
North Shore Hospital has been working with Minnesota-based Community Health Information Collaborative (CHIC) to make information, with patient permission, available among providers regarding what other facilities a patient has been to. CHIC recently partnered with Orion Health, a global health technology company, to upgrade its technological capability so that information about a patient’s medical history can also be accessed with patient permission.
The partnership will operate HIE-Bridge, Minnesota’s state-certified health information exchange (HIE).
Quality assurance
Quality assurance coordinator Jeannette Lindgren talked to the board about how much reporting is required to demonstrate that patients have been receiving proper care. Different government agencies each have different reporting requirements.
A lot of the questionnaires they have to fill out are extremely detailed and labor intensive. Lindgren said care center nursing administrator Mark Abrahamson must complete a 33-page report on each patient every quarter for Medicare.
Everything they do for patients has to be documented, Lindgren said – helping a care center resident eat a meal, changing their socks— and each task affects the funding.
“Isn’t there some unified measurement that they could come up with at the federal level?” board member Tom Spence asked.
“You let us know how that goes!” said John Strange.
Hospital Administrator Kimber Wraalstad said the regulations are about providing proper care to patients. “We care about accuracy all the way around,” she said— for the welfare of the patient as well as to ensure reimbursement.
Telemedicine
The board discussed the goal of establishing a telemedicine program outlined in its strategic plan. A grant is allowing the hospital to purchase videoconferencing hardware, and new broadband capabilities will enable it to be used. Whether this is the direction health professionals think they should go is another matter.
A hallmark of the practice of medicine is seeing a patient and touching him or her physically, John Strange said.
Physician Milan Schmidt agreed. “There’s therapeutic value, too, to touching our patients physically,” he said.
Some things might work well for telemedicine, said Sandra Barkley, such as with kids who might feel less intimidated talking to a doctor through a TV screen. A lot of physicians are hesitant to use this technology, however, because it might not work well with the kind of medicine they practice, she said.
Leave a Reply