Ask the Expert

Is it against HIPAA regulations to display client names?

I work in a residential group home for mentally ill adults. I have to keep telling my boss that displaying full client names on bulletin boards and desk tops is a violation of HIPAA. She has removed most of the posted memos that contain client names, but all the client charts, with their full names displayed, are kept on a bookshelf in the office--visible to anyone who enters the office. Isn't this also in violation of HIPAA?

    Requires Free Membership to View

The reality of HIPAA and every other information security-oriented regulation is that violations and compliance are subjective based upon the judgment of the auditor. Without seeing the environment and the other defenses you have in place, I can't say if that is a violation of HIPAA or not.

Relative to your specific question, client names shouldn't be displayed out in the open, but the answer to the problem can be as easy as draping a curtain over the bookcase so the names are no longer visible to anyone walking by the work area in question.

My point here is not to minimize the importance of your issue, but to point out that there are usually multiple ways to solve any problem. More indicative of your environment is a general disdain for patient privacy. This seems to be more of a cultural issue (if I can make that assessment based on a one paragraph question).

The only way to change culture is by mandate and consistent enforcement of that mandate. The top executive would need to mandate that patient privacy is important. Someone will likely need to be terminated as a result of ignoring the mandate for the troops to really get the picture.

That is usually bad medicine, but until you were to get a significant fine (which is unlikely, given the current lack of HIPAA enforcement) or be sued by a client, nothing is likely to change without that mandate.

For more information:

  • Discover if collecting consumer SSNs is considered a HIPAA violation.
  • IT pros in the healthcare sector claim that constant security improvements are necessary for compliance.
  • This was first published in December 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: