HIPAA Legislation

The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, was enacted by the United States Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. Per the requirements of Title II, the HHS promulgated five rules regarding Administrative Simplification: the Privacy Rule, the Transactions and Code Sets Rule, the Security Rule, the Unique Identifiers Rule, and the Enforcement Rule.

Privacy Rule

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established, for the first time, a set of national standards for the protection of certain health information. The regulation increased consumer control over the use and disclosure of their medical information. It also established appropriate safeguards that must be followed to protect the privacy of patients’ health information.

The Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by “covered entities.” These entities are generally health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.

Everyone now has a right to oral privacy with concern to his or her PHI. The Office of Civil Rights accepts complaints for alleged violations of the HIPAA privacy rule by covered entities. A fact sheet is available at the OCR website at http://www.hhs.gov/ocr/privacyhowtofile.htm. Violations are expensive. Penalties for non-compliance can cost providers up to $250,000 and up to 10 years in prison.
While oral privacy is only one part of the exhaustive HIPAA regulation, it is also one of the more subjective areas in terms of interpretation. The Privacy Rule requires physicians to use appropriate administrative, technical, and security safeguards to protect the privacy of protected health information — including oral communications. But what safeguarding measures are and aren’t enough?

While the Privacy Rule does “not” require structural changes be made to facilities, it does require that that they make reasonable efforts to prevent prohibited uses and disclosures not permitted by the Rule. The Department does not consider facility restructuring to be a requirement under this standard. The Privacy Rule does not require the following types of structural or systems changes:

•  Private rooms
•  Soundproofing of rooms
•  Encryption of wireless or other emergency medical radio communications which can be intercepted by scanners
•  Encryption of telephone systems.

In the absence of stringent guidelines for safeguarding PHI, the HHS Department has indicated that it will look at what other “prudent” professionals are doing to protect oral privacy when determining whether a covered entity has taken adequate measures to avoid having conversations overheard

In a democracy, the objective of laws is to serve the best interests of the people and reflect their highest aspirations. Contained within the “letter of the law” is the purpose or intent, which is termed the “spirit of the law.” For any given law, the spirit of the law is the hope for change, or benefit, that the law will produce, as predicted by the designers of the law. In other words, laws are tools that are intended to be useful and beneficial.

Since the spirit of the law is the reason for its existence, many believe the letter of the law is subordinate to the problem-solving intent of the law and covered entities should go above and beyond to meet the spirit of the law. When it comes to HIPAA oral privacy, installing soundproofing to ensure patients get total privacy meets the spirit of the law, not the letter of the law. It enables covered entities to meet the intent of the law. It’s just the right thing to do for patients and could also keep a practice our of legal complexities and help prevent fines.

Evaluating Your Medical Facility’s Oral Privacy Issues

Your own ear is the best testing and measurement instrument available. If you can overhear any conversations that are meant to be private in any area you will need to provide reasonable safeguards to protect against incidental disclosure.

You don’t need to be a sound engineer to evaluate if you have a problem with oral privacy in your facility. A simple audit and walk-through of any facility will indicate whether there is a problem or not. If you’re unsure whether noise is a problem in your practice, it’s easy to evaluate – simply spend a few moments in your exam rooms, your waiting room/reception area and your staff break room and focus on what you’re hearing including where the noise is originating and the intensity/volume of the noise. You may also want to consultant an acoustic specialist – a professional who assesses environments for noise and provides guidance to soundproof your space.
In regard to industry-accepted measurements for oral privacy, industry standards for speech (oral) privacy, three recognized standards are used for the measurement of the intelligibility of sound (conversations):

•  ISO (International Standards Organization)
•  ANSI (American National Standards Institute)
•  ASTM (American Society of Testing and Materials)

These standards and principles are used by sound engineers to measure and evaluate relative sound levels. The American Society of Testing and Materials (ASTM) has existed for decades. ASTM has been providing quantifiable practices, tools, and measurements to assess speech privacy levels. For years, speech privacy professionals have used ASTM standards to establish acceptable and unacceptable levels of normal and confidential speech privacy for business and health care facilities alike.

ASTM measures speech privacy by using an articulation index (AI). AI represents how all elements in and properties of a space affect the ability to understand speech. AI is expressed as a decimal value between 0 (speech is unintelligible) and 1.00 (speech is completely intelligible). An AI of .20 or less will result in a space that provides normal to confidential speech privacy.

It is important to understand that a conversation is considered private if it is an unintelligible conversation (one that cannot be discernible) to a nonparticipant. This type of conversation will not jeopardize the oral privacy rights of an individual.

Sound

In many doctor’s offices across the country, conversations can be heard through the walls of patient rooms. Sound travels not only in a straight path from its source but also bounces off partitions, bends around barriers, and squeezes through small openings, all of which can allow noise to reach surprisingly far beyond its point of origin.

Sound radiates spherically. Even if the sound source is facing one direction, the sound it produces will travel in all directions. Sound will move from one room to another through direct and indirect paths. It is important to understand that while sound can travel through air pockets like ductwork, stud and ceiling joist cavities, it can also be conducted along studs, joists, pipes, concrete and glass. Sound vibration uses a rigid surface to travel.

When sound strikes any surface, some sound energy is reflected, some absorbed, and some transmitted into the adjacent space. The sound that we hear in typical rooms is made up of two parts: Direct sound, the sound that arrives at our ears directly from the sound source; reflected sound, the sound that has reflected from a room boundary surface.

Sound is measured in decibels in intervals of 10. A typical conversation occurs at approximately 60-70 decibels. Sound transmission through a wall or floor depends primarily on the mass of the construction. The following are some sound transmission losses of typical building elements:

Soundproofing

Soundproofing isn’t a cure-all to saving healthcare facilities from penalties resulting from oral privacy breeches, but it may be one of the most beneficial places to start. Soundproofing will not control when and where patient information is discussed. It will however, significantly mitigate the sound through absorption, damping, or blocking. Given that many healthcare facilities are in older, uninsulated buildings, adding soundproofing will go a long way toward ensuring better patient privacy.

Soundproofing can be achieved in a variety of ways, and there are solutions for every budget. The challenge is when and how to soundproof. It’s always easier to soundproof an office when starting from a blank slate rather than retrofitting an existing space. So if you’re moving into a new space you’ll want to make sure you’re working with your design firm to come up with a layout that prevents sound from traveling and materials that mitigate noise. It’s also possible to install certain types of soundproofing materials in an existing building.

Depending on the purpose of a building or room, primary acoustical requirements could include sound control between spaces, sound control within a space, or listening efficiency in meeting rooms and auditoriums. Just as technical challenges can vary widely from space to space, so, too, do the choices of materials and design details that can meet them. Thoroughly exploring these options requires time and effort.

So what types of modern acoustical soundproofing materials are available to help keep conversations within a room or area in a medical facility? Here are just some:

•  Acoustic ceiling panels or ceiling tiles.
•  Sound absorbing wall cover – simple do-it-yourself noise deadening solution
•  Acoustical sound barriers that deflect or absorb sound.
•  Acoustic insulation (like QuietFiber) placed in between wall joints behind drywall
•  Viscoelastic sound absorbing polymer materials (like Acoustiblok) behind drywall
•  Acoustic cloud systems – sound panels that are placed overhead in an area.
•  Sound masking – the addition of natural or artificial sound (such as white noise or pink noise) into an environment to cover up unwanted sound by using auditory masking.
•  Acoustical sound sealants

In the Spirit of the Law

Think about how many patient-related conversations which occur every day in hospitals, doctor’s offices, clinics, pharmacies, or other health care providing organizations over the course of a day, week, month and over a full year. The number of possible oral privacy violations could be high. Unless healthcare providers implement a reasonable solution that creates a safeguard for these conversations, healthcare providers are at the mercy of every patient who chooses to complain.

Unless the HIPAA law is amended, using soundproofing materials isn’t required in the letter of the law, but it falls well within the spirit of the law. While it’s great that confidential information is safely locked away in their computer system, if you can hear patients and staff talking about their medical conditions and concerns in the next room, how confidential can patient information really be?

Although HIPAA creates a right to privacy, it doesn’t create the right for private persons to sue if they feel their privacy has been compromised, creating little incentive for healthcare providers to soundproof their buildings. However, patients do file complaints, which could lead to fines and a requirement that the provider correct their procedures to prevent future privacy issues. For some health care providers, this is starting to become incentive enough for healthcare providers to consider soundproof their buildings and rooms.

READ MORE: Related Information

http://www.hhs.gov/ocr/privacy/