Q

Writing a patient identifier policy to prevent common HIPAA violations

A computer screen displaying a patient's Social Security Number is one of many common HIPAA violations. Don't let your company become a HIPAA offender; learn how to write a patient identifier policy that prevents HIPAA violations.

Is it a violation of HIPAA to have a patient's Social Security number appear in full on a computer screen while a hospital employee is searching for patient information? The computer screen may be in view of other patients.

It is quite possibly a violation, depending on which hospital staff members have access to the patient system and whether or not the patient's Social Security number is being used as a patient identifier. However, if the screen is viewable by other patients, then this is almost certainly a HIPAA violation example.

In general, HIPAA mandates that technology or processes be used to prevent unauthorized individuals from viewing patients' Personal Health Information (PHI). This can necessitate encrypting the data, truncating portions of the PHI and/or limiting who has access to the data to begin with.

So with the example above, if a patient's Social Security number is being used as a unique identifier and only people who need to have access are permitted to it, the access is appropriately controlled and all of the above can be demonstrated to an auditor, which means the company is going to be in pretty good shape.

On the other hand, if some or none of the preceding is true, then there is a problem. Addressing this issue doesn't necessarily have to be expensive, however; installing privacy screens on relevant computer monitors or perhaps even changing the positioning of the monitors may take care of the problem.

Regardless, consider switching away from using Social Security numbers and developing a new patient identifier policy. SSNs were never intended to be used this way, and as I've said in previous columns, using SSNs definitely violates the spirit of the legislation.

For more information:
 

This was first published in June 2009

Dig deeper on HIPAA

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close