March 28, 2003 Deadline for HIPAA compliance coming soon
HOTLINEmast.gif (13932 bytes)

mgh logo.gif (3422 bytes)

March 28, 2003

Deadline for HIPAA compliance coming soon

As of April 14, the federal Office of Civil Rights will be enforcing the Health Insurance Portability and Accountability Act (HIPAA), which is a comprehensive federal law that gives patients the right to restrict certain uses of their medical information and to provide more privacy protection. HIPAA-related training has been taking place throughout the hospital for the last 10 months with a goal of complete compliance of 17,000 MGH employees by April 1.

According to Eileen Bryan, MGH project manager for HIPAA, most of the hospital training has been conducted through live presentations to large departments and through video training for smaller departments. Both give a broad overview of what protected health information is, what rights patients now have over their health information and what the hospital's legal duties are.

As part of the new Privacy Rule, after April 14 every new and established (non-emergency) patient will need to receive a copy of the MGH Privacy Notice prior to any care or service provided. The MGH Privacy Notice details how patients' personal information is used and secured at the hospital. It explains their rights and the hospital's legal duties in regard to their health information. In addition, anacknowledgement of receipt of the privacy notice also will be given to patients with a request for their signature. Both will become a part of patients' electronic and hard copy medical records.

"Safeguarding patient information has long been a priority at the hospital," says Bryan. "Now with the new regulations, we must inform patients in writing how we perform the day-to-day activities of caring for them. There is nothing new in how we use this information. What is new are some additional patient rights in regard to their personal health information."

As health care workers, MGHers see and hear confidential information every day in their jobs. It sometimes is easy to forget the importance of keeping that information private — particularly in this high-tech age of computers, fax machines, personal digital assistants, cell phones and pager systems. MGHers should be reminded that it is the responsibility of all staff and employees to keep patient information confidential.

HIPAA now makes patient confidentiality the hospital's legal obligation. Below are key points in keeping patient information safe:

  • Keep confidential any information that includes, but is not limited to, the patient's name, medical condition, emotional status, financial situation or other personal information.
  • Be careful to access, share or discuss patient information only on a need-to-know basis, when it is required for an employee to do his or her job or if a patient has given permission.
  • Be mindful of surroundings when discussing patient information. Avoid discussing patients in any public place.
  • Keep confidential papers, reports and computer data in a secure place. Retrieve confidential papers from fax machines, printers, copiers, mailboxes and conference tables as quickly as possible.
  • Follow best practice guidelines when using technology such as fax machines, e-mail, cell phones and pagers for confidential communications. These guidelines can be found on the MGH HIPAA website listed below.
  • Do not put paper copies of patient information in regular trash bins. Place them in blue recycling bins in which contents are shredded.

For more information about HIPAA guidelines and training, visit the MGH HIPAA Resource website at http://is.partners.org/mghintranet/hipaa/.
Return to the March 28 table of contents