Oct 24, '10 by NRSKarenRN. BSN, RN Moderator
no it is not a hipaa violation when resonable precautions are taken:
a. outgoing shift asks permission of patient.
b. multiple family present: ask patient who may stay during report
c. close curtain between paitents and in quieter voice discuss plan of care including patient in discussions
hhs.gov: hipaa regs
incidental use and disclosure. the privacy rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. a use or disclosure of this information that occurs as a result of, or as "incident to," an otherwise permitted use or disclosure is permitted as long as the covered entity has adopted reasonable safeguards as required by the privacy rule, and the information being shared was limited to the "minimum necessary," as required by the privacy rule.27 see additional guidance on incidental uses and disclosures .
general provision. the privacy rule permits certain incidental uses and disclosures that occur as a by-product of another permissible or required use or disclosure, as long as the covered entity has applied reasonable safeguards and implemented the minimum necessary standard, where applicable, with respect to the primary use or disclosure. see 45 cfr 164.502(a)(1)(iii). an incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the rule. however, an incidental use or disclosure is not permitted if it is a by-product of an
underlying use or disclosure which violates the privacy rule.
reasonable safeguards. a covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the privacy rule, as well as that limit incidental uses or disclosures. see 45 cfr 164.530(c). it is not expected that a covered entity's safeguards guarantee the privacy of protected health information from any and all potential risks. reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business. in implementing reasonable safeguards, covered entities should analyze their own needs and circumstances, such as the nature of the protected health information it holds, and assess the potential risks to patients' privacy. covered entities should also take into account the potential effects on patient care and may consider other issues, such as the financial and administrative burden of implementing particular safeguards.
many health care providers and professionals have long made it a practice to ensure reasonable safeguards for individuals' health information - for instance:
- by speaking quietly when discussing a patient's condition with family members in a waiting room or other public area; by avoiding using patients' names in public hallways and elevators, and posting signs to remind employees to protect patient confidentiality; by isolating or locking file cabinets or records rooms; or by providing additional security, such as passwords, on computers maintaining personal information.
d laws, s amato - rehabilitation nursing, 2010
incorporating bedside reporting into change-of-shift report