PURPOSE:
The purpose of this policy is to outline appropriate Uses and Disclosures of Protected Health Information (PHI) by the Department of Health Services (DHS) that are incident to Uses and Disclosures otherwise made in accordance with the Privacy Standards of the Health Insurance.
DEFINITION(S):
Incidental Uses or Disclosure means a Use or Disclosure of PHI that is incidental to or a byproduct of a Use or Disclosure otherwise appropriate under or permitted by HIPPA. An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and occurs as a result of another use or disclosure that is permitted.
POLICY: DHS may permit disclosures of PHI that are incidental to other permitted disclosures.
PROCEDURE:
-
DHS’ Workforce Members may make Uses or Disclosures of PHI that are incidental to or a byproduct of a Use or Disclosure permissible under HIPAA and under DHS’ HIPAA-related policies and procedures without an Authorization under the following circumstances:
A. Workforce Members must comply with DHS’ Policy on Uses, Disclosures of, and Requests for PHI in Compliance with the Minimum Necessary Standards; and
B. Workforce Members must apply reasonable safeguards to limit the Incidental Use or Disclosure of PHI (see DHS Policy No. 361.23 “Safeguards for Protected Health Information”).
Although incidental disclosures may occur as a result of conducting business and providing patient care, reasonable precautions should be taken to minimize their occurrence as much as possible. Staff shall be reminded that prior to providing or discussing sensitive patient care when others are present to never hesitate to ask the patient first. Incidental disclosures include, but are not limited to:
-
Being overheard when discussing patient’s PHI with that individual, his or her family members or other Workforce Members or Medical Staff; -
Leaving minimal information in messages on answering machines; -
Information posted in/on exam room doors, patient sign-in sheets, patient charts, pharmacy display boards, and while calling out a patient’s name in the waiting room; -
Individuals in a waiting room sign their name on a log sheet and glimpse at the names of the other patients; -
Visiting family members or other persons not authorized to access PHI walking by medical equipment or other material containing PHI; -
Physicians talking to patients in semiprivate hospital rooms or nurses communicating with others in public areas where there is a potential for the conversation to be overheard; -
DHS staff orally coordinating services at their desks, in medical clinics or at hospital nursing stations; -
Nurses or other health care professionals discussing a patient’s condition over the telephone with the patient, a provider, or a family member; -
Health care professional discussing lab test results with a patient or another provider in a joint treatment area; -
Health care professional discussing a patient’s condition during training rounds in an academic or training environment; or -
Pharmacist discussing a prescription with a patient over the pharmacy counter or with a physician or patient over the telephone.
II. Accounting for Disclosures. Incidental uses and disclosures made by DHS in accordance with this policy are not required to be part of an accounting under DHS Policy No. 361.21, “Accounting of Disclosures.”
REFERENCE(S)/AUTHORITY:
45 Code of Federal Regulations, Parts 160 and 164; 164.502(a)
DHS Policies:
361.4, “Use and Disclosure of Protected Health Information (PHI) Requiring Authorization
361.8, “Minimum Necessary Requirements for Use and Disclosure of Protected Health Information (PHI)”
361.21, “Accounting of Disclosures”
361.23, “Safeguards for Protected Health Information (PHI) |