This document discusses strategies for protecting patient privacy and confidentiality. It recommends performing regular privacy audits to identify vulnerabilities, training staff on HIPAA regulations, securing computers and paper records, limiting discussions of sensitive health information, using individual passwords and screen savers, and considering patient feedback to ensure privacy is maintained. Protecting patient confidentiality is essential for building trust between healthcare providers and patients.

1. PROTECTING PATIENT PRIVACY AND CONFIDENTIALITY
BY WANDA SANDERS
Confidentiality is the right of an individual to have personal, identifiable medical
information kept private. Such information should be available only to the physician of
record and other health care and insurance personnel as necessary.
Patient confidentiality means that personal and medical information given to a health care
provider will not be disclosed to others unless the individual has given specific
permission for such release.
Health care organizations should have comparable confidentiality and security polices;
implement security controls over sensitive patient information (e.g., HIV status,
pregnancy termination, and history of mental health problems or drug and alcohol abuse);
maintain good system security; train staff and secure agreements concerning
confidentiality and security.
This presentation will provide recommended strategies on how to improve and ensure
patient privacy and confidentiality.
PERFORM REGUALAR AND RANDOM PRIVACY AUDITS
Privacy audits start by identifying ways personal health information is collected, stored,
and transmitted within health care organziation such as a doctor’s office or hospital. A
walk through of every process should be performed from registration to discharge from
the perspective of employees and patients, observing every verbal exchange, paper form,
and computer entry. There should be an evaluation of existing processes for ways that
privacy could be breached and correct any deficiencies as necessary.
TRAIN STAFF ON HIPPA REGULATIONS
Staff members should be trained and able to articulate the scope of HIPPA regulations,
describe examples of personal health information and differentiate between authorized
and unauthorized disclosures. In addition to training every new hire on HIPPA
compliance, seasoned staff members should complete continuing education regarding
HIPPA guidelines yearly. Using role playing examples of scenarios will make training
more relevant and memorable.
USE OF COMPUTERS
Computers should face away from view and contain peripheral “privacy shields.” If
patient charts are not in use they should be closed or flipped over, charts should never be
left in exam rooms, and if staff has to move away from a task, the patient’s chart should
never be left unattended.

2. HAVE ELECTRIC SHREDDER OR LOCKED SHRED BINS AVAILABLE
Documents containing personal health information that are no longer needed should be
shredded and disposed in proper containers. Documents should never be left in the trash.
If shred bins are used, they should be locked and a reputable mobile shredding service
should empty bins on a regular basis.
LIMIT CONVERSATIONS ABOUT PATIENT HEALTH INFORMATION
Staff should always be aware of who is around them and what information could be
overheard. If it is necessary to discuss a patient’s health information, communications
should be deferred to areas where patients and visitors cannot overhear. Such
communications should be at a controlled volume. Health information should be strictly
on a “need to know” basis for doing one’s job. Staff should never pursue patient charts
out of curiosity or gossip about a patient’s health or services received.
REQUIRE INDIVIDUAL PASSWORDS AND ACTIVIATE SCREEN SAVERS
Staff members will have unique and confidential individual password access to the
applications they are authorized to use and staff should never be permitted to share
passwords. Three minutes of computer inactivity will activate a “screen saver” to conceal
any personal health information; once inactive users will have to re-enter passwords to
resume work.
CONSIDER AND ACT UPON PATIENT COMMENTS
Patients may not know the details of HIPPA and what constitutes an unauthorized
disclosure, they are sensitive and will often make comments about activities and
processes they feel may compromise their privacy. Patient concerns will always be taken
seriously, evaluated and acted upon if appropriate. For example, if a patient believes
others can hear his communication with staff, a solution may be to construct a privacy
barrier or ask the patient to step into an office or exam room to discuss their concerns.

3. CONCLUSION
Patient confidentiality is one of the most important pillars of medicine. Protecting the
private details of a patient is not just a matter of moral respect, it is essential in
retaining the important bond of trust between health care professionals and their
patients. The relationship between health care professionals and their patients/clients
centers on trust, and trust is dependant on the patient/client being confident that
personal information they disclose is treated confidentially.