October 31, 2003

MGH patient confidentiality campaign focuses on employee privacy

Since the creation of the Hippocratic oath, protecting the privacy of patients has been an important part of the physician's code of conduct. These days, health information may be available to organizations and individuals who are not subject to medical ethics codes, but may work with health information as part of their job responsibilities. As uses of health information have multiplied, so have regulatory protections. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provided the first federal protection for health information.

This past year, the MGH embarked on a mission to raise the awareness among employees, physicians and contractors about the importance of ensuring health information privacy for all patients. "Medical information is among the most sensitive and personal information collected and shared. Privacy is central to the doctor-patient relationship. We at the MGH are committed to privacy and act in a way that preserves the trust and respect of those whom we serve and with whom we deal," says Eileen Bryan, of the MGH Privacy Office in Health Information Services.

The MGH will recognize National Health Information Management Week, Nov. 2 through 8, with MGH Health Information Services hosting its annual confidentiality awareness campaign. This year's theme is "Caring for patients while respecting their privacy, remembering that employees are patients too."

Information tables will be available in the Main Corridor with tips about protecting privacy, a confidentiality quiz and raffle prizes. Staff from Health Information Services and other departmental representatives will be on hand to help answer questions. 

The focus of this year's campaign is to help MGHers understand proper access of an electronic or paper medical record of any physician, nurse, co-worker, friend, or other person with whom an employee has a working or personal relationship. Accessing medical information of any such persons for reasons other than providing clinical care or some other reason based on a "need to know" is a breach of the hospital's confidentiality policies and may result in corrective action.

Accessing records to obtain demographic information – such as an address, telephone number or birthday – is an inappropriate use of the system. In these cases, employees should ask their managers and use proper methods other than the health information system.

"We know it's hard working around confidential information every day and remembering that even if it's a colleague we really care about, we have to forget what we saw and what we heard," says Bryan. "Just like we want our colleagues to get only the best possible care and services – we owe it to each other to give them the same respect and dignity regarding their privacy as our other patients. After all, it's their health, their privacy and their choice."