A few weeks ago, I went to a new doctor for a consultation. While waiting alone in a patient room for the doctor, I noticed a monitor attached to the wall. It showed a color-coded appointment schedule with last names of every patient coming in that week. I wondered what I else I could access if I tried to use the computer (Don’t worry, I didn’t try).
When I checked out after my appointment, I saw three patient files open on the reception desk. I also saw another monitor, with a patient’s X-ray prominently displayed. While my PHI wasn’t visible to others that day, I realized it could be. I felt disrespected. I didn’t go back. Instead, I asked around for another doctor – one with good privacy practices – and will fork over another copay to see a different doctor.
I also happened to receive an outpatient procedure this year, at a hospital. Upon arrival, nobody asked me to sign in on a sign-in sheet visible to others. I received a buzzer so my name would not be announced in the waiting room. My identity was verified several times – discreetly and kindly: by asking for insurance cards; double checking my ID bracelet, etc.
Nobody likes going to the hospital. It’s expensive. It’s time away from work, kids, etc. And yet when I left, I was raving about my experience. At the hospital. Why? Because they respected me when they protected my privacy. In return, I appreciated them.
What’s the difference between these two examples? A HIPAA mindset. A mindset that elevates customer service and translates into patient satisfaction.
The greenhouse effect
In March, I had the pleasure of speaking about HIPAA and social media at the National Association of Rural Health Center’s annual conference in San Antonio. A woman in the second row shared a conversation she had with a patient of the Rural Health Center where she works. This woman was careful not to mention any PHI when talking to the patient. But, she mentioned the patient’s greenhouse. When she hung up the phone, another patient in the lobby said: “I know who that patient is – she has the best greenhouse in town!”
Who would have thought that a patient could be identified by a greenhouse? That’s unexpected. The woman who shared this story has a HIPAA mindset. First of all, she recognized this as a potential HIPAA privacy concern right away. Secondly, she immediately began contemplating: What exactly is PHI? What can we do better to protect it? This approach constantly evolves practices in a way that puts patient privacy first.
Moving toward a HIPAA mindset
For many healthcare employees, HIPAA is very important. But, it’s not our first job. Our first job is treating patients, processing claims, making appointments, etc. But all of these jobs can be performed better with a HIPAA mindset.
How can we elevate our respect for patient privacy? Brainstorm with your team. How could PHI come up unexpectedly? How has PHI come up unexpectedly for staff members? How can we be on the lookout for PHI? How can we use our conversations to show patients respect? Lots of people will have stories to tell, and solutions to share. Use the secret shopper approach: have someone with a HIPAA mindset actually experience every procedure where information is exchanged between patient and institution; critique and reform.
In the future, when it is time to upgrade your space, if HIPAA is a mindset, it will be incorporated into your design. How can your design maximize privacy? What changes would you make to the nurses’ station? The reception desk? The waiting room? Where the fax machine is kept?
With a HIPAA mindset, you, too, can elevate patient care.