Ask the Expert

Writing a patient identifier policy to prevent common HIPAA violations

Is it a violation of HIPAA to have a patient's Social Security number appear in full on a computer screen while a hospital employee is searching for patient information? The computer screen may be in view of other patients.

    Requires Free Membership to View

It is quite possibly a violation, depending on which hospital staff members have access to the patient system and whether or not the patient's Social Security number is being used as a patient identifier. However, if the screen is viewable by other patients, then this is almost certainly a HIPAA violation example.

In general, HIPAA mandates that technology or processes be used to prevent unauthorized individuals from viewing patients' Personal Health Information (PHI). This can necessitate encrypting the data, truncating portions of the PHI and/or limiting who has access to the data to begin with.

So with the example above, if a patient's Social Security number is being used as a unique identifier and only people who need to have access are permitted to it, the access is appropriately controlled and all of the above can be demonstrated to an auditor, which means the company is going to be in pretty good shape.

On the other hand, if some or none of the preceding is true, then there is a problem. Addressing this issue doesn't necessarily have to be expensive, however; installing privacy screens on relevant computer monitors or perhaps even changing the positioning of the monitors may take care of the problem.

Regardless, consider switching away from using Social Security numbers and developing a new patient identifier policy. SSNs were never intended to be used this way, and as I've said in previous columns, using SSNs definitely violates the spirit of the legislation.

For more information:
 

This was first published in June 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: