Medical Professional Publications

Privacy Matters: Protecting Patient Health Information

(From the Spring 2013 issue of Everything Matters: In Patient Care)

Jill Z. Choi, MBA, RHIA, CHPC, Director, Health Information Management & Privacy Officer

In today’s health care setting, privacy and security of health information is a real concern for patients and their families. At Nationwide Children’s, there are many ways that staff support privacy and security in their daily work in order to provide the best experience possible for our patients.

The hospital has enacted the use of “Care Codes” in both inpatient and outpatient settings to make communication between caregivers and families easier. In the inpatient setting, the care code is the last four digits of the patient’s current account number. If a parent chooses, they can provide this four-digit number to family and friends which would allow them to call the nursing unit for updates. On the outpatient side, parents choose a special word to be saved in the EMR system. Again, they can choose to share this word/code with family and friends. For example, if an extended family member needs to call in to verify an appointment location or wants to ask treatment questions, staff can provide them with the information only if they are able to provide them with the code. It is a great way to empower families to take control of their health care communications.

Should there be patients in our facility who are of high public or media interest, we have several ways to protect their privacy. Alias names can be applied in certain circumstances to protect the patient’s identity during treatment. At the time of discharge, the name can be reverted back to ensure that prescriptions and other home-going instructions reflect the correct name. We can apply a special feature to the patient’s medical record called “Break the Glass” which requires all staff to state their reason for entering the record and to re-authenticate their identity before being permitted to enter. This can serve as a very effective deterrent to would-be curiosity seekers from peeking into the medical record. Additionally, all access to the electronic medical record is tracked; both random and targeted reviews are done to validate the appropriateness of staff access to the medical record. Staff at Nationwide Children’s are acutely aware of their roles and responsibilities in protecting patient privacy and they know that entrance into the medical record is limited to purposes of treatment, payment and health care operations.

On the technology side, staff are given encrypted laptops so that, in the event of a theft, no protected health information (PHI) will be compromised. Understanding that email is often the most efficient means of communication for some caregivers, we have made email encryption by typing **secure** in the subject line of the email available to staff when communicating “need to know” patient information electronically. We also run special software behind-the-scenes to detect PHI leaving the institution without adequate protections and we have a process to follow up with those individuals to ensure proper handling going forward. We also provide secure file transfer methods for the safe transmission of large files. Finally, because the Nationwide Children’s community is far reaching, we offer many secure ways for staff to work remotely without compromising patient confidentiality.

All of these methods, working in concert, assist our staff in protecting a patient’s privacy through every step of their health care journey. For more information contact the Privacy Office at Nationwide Children’s at PrivacyOffice@NationwideChildrens.org.

Nationwide Children's Hospital
700 Children's Drive Columbus, Ohio 43205 614.722.2000