Problem solve Get help with specific problems with your technologies, process and projects.

Writing a patient identifier policy to prevent common HIPAA violations

A computer screen displaying a patient's Social Security Number is one of many common HIPAA violations. Don't let your company become a HIPAA offender; learn how to write a patient identifier policy that prevents HIPAA violations.

Is it a violation of HIPAA to have a patient's Social Security number appear in full on a computer screen while...

a hospital employee is searching for patient information? The computer screen may be in view of other patients.

It is quite possibly a violation, depending on which hospital staff members have access to the patient system and whether or not the patient's Social Security number is being used as a patient identifier. However, if the screen is viewable by other patients, then this is almost certainly a HIPAA violation example.

In general, HIPAA mandates that technology or processes be used to prevent unauthorized individuals from viewing patients' Personal Health Information (PHI). This can necessitate encrypting the data, truncating portions of the PHI and/or limiting who has access to the data to begin with.

So with the example above, if a patient's Social Security number is being used as a unique identifier and only people who need to have access are permitted to it, the access is appropriately controlled and all of the above can be demonstrated to an auditor, which means the company is going to be in pretty good shape.

On the other hand, if some or none of the preceding is true, then there is a problem. Addressing this issue doesn't necessarily have to be expensive, however; installing privacy screens on relevant computer monitors or perhaps even changing the positioning of the monitors may take care of the problem.

Regardless, consider switching away from using Social Security numbers and developing a new patient identifier policy. SSNs were never intended to be used this way, and as I've said in previous columns, using SSNs definitely violates the spirit of the legislation.

For more information:

This was last published in June 2009

Dig Deeper on HIPAA

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.