Knapp Frazer Consulting Lab Focus


(+) Chemistry (+) CLIA and Regulatory Compliance CLIA Final Rule Highlights Director's Responsibilities under CLIA Is it warm in here? Office Lab Start-up Patient Information Post-Inspection Proposed HIPAA Enforcement Rule The Lab Director Waived Lab Inspections (+) Hematology (+) Instrumentation (+) Laboratory Manuals (+) Microbiology (+) Organ Systems and Disease States (+) Personnel (+) Quality Assurance (+) Quality Control (+) Safety (+) Specimen Collection and Handling (+) Waived Methods	Patient Information Patient information is entrusted to healthcare professionals so that we can deliver the best care possible. It is our responsibility to use this data only toward that end and to protect the privacy of the patients under our care. Here is a practical approach to day-to-day HIPAA compliance. Contact Knapp· Frazer Consulting to write your complete HIPAA plan. The Reception Desk The waiting room is crowded and the receptionist is doing three things as once. A new patient presents himself for his first appointment with his new doctor or for a blood test. The questions come fast. The answers must be loud to be heard over the chaos: Name? Address? DOB? SSN? HMO or PPO? Anyone in the waiting room with pencil, paper, and felonious intent could assume this man's identity! What would it take for a little privacy at the reception desk? If there must be a verbal interview, add a partition, perhaps with acoustic material, to separate the interviewer from the rest of the front office activities. Install a sign asking other patients waiting in line to stand back for privacy. (They'll appreciate it when it's their turn to shout their personal info.) Move waiting area chairs away from the desk or counter. Take a moment to sit in the waiting area on a busy morning to assess the possibility of unintentional eavesdropping. Move them again, if necessary. If the patient is asked to complete a questionnaire, provide a private area within the waiting area for that purpose. Separate chairs within this area for as much privacy as possible. Computer Data While HIPAA has determined how electronic transactions are to be safeguarded to protect the security and confidentiality of electronic patient information, the following common-sense approach to computer use within your lab/practice can reduce unauthorized access to private information. Situate computer screens so that passers-by (employees and patients) cannot read screens from neutral locations. Use log-in codes for each employee that both record and authorize access. Habituate authorized computer users to log off each time they leave their station. An unauthorized access under their code is their responsibility. Computers print out reams of data. Patient information should be used, then filed or shredded. Do not use the backsides of discarded patient documents as copy or printer paper, even for internal use. Telephone and Facsimile Staff members consulting with patients on the phone or relaying patient information by phone or fax should have a private area in which to work. Mrs Brown's prescription is not the business of the billing staff or the random patient walking past the back office desk. Fax machines or printers for off-site laboratories should be located in areas where unauthorized personnel cannot learn of a patient's test results. Quality Assessment QA requires specific information to identify, evaluate, and resolve problems. QA personnel are exempt from HIPAA restraints for QA purposes. If you use an contracted consultant for QA activities, provide all documents necessary for that purpose. Require consultants to sign a business associate agreement. People Talk We all discuss interesting cases, diagnostic puzzles, and medical horror stories with colleagues. Doing so is a kind of word-of-mouth QA process. However, we must remember to delete patient names and other identifiers from our conversations and choose the appropriate surroundings for these discussions. Obviously, the hospital cafeteria is an inappropriate place to discuss contradictory laboratory data on Ms Nunez. Even if you are not using her name, DOB and SSN, chances are good that Mr Nunez in the next booth is going to recognize the details of his loved one's case. Wait until you are back in the private areas of the office or in the staff lounge. Make it Stick Your policy regarding your patients' right to privacy should be a matter of record. Your HIPAA manual forms the basis for laboratory/practice policy and for training sessions. Make it clear that you will tolerate no unauthorized access to patient records and no indiscriminant transmission, in any form, of patient data.
Back to top...
This article may be republished in its entirety on your web site or in your newsletter under the following two conditions: 1) Include the following statement at the beginning or end of the article. "Republished with permission of the author, Margaret A Knapp MT(ASCP) CLS, of Knapp·Frazer Consulting. www.knapp-frazer.com ~ 707.539.6621" 2) Send copy of your publication or URL to Knapp·Frazer Consulting at time of republication.

Knapp • Frazer Consulting • 707.539.6621 • info@knapp-frazer.com Copyright 2005. All rights reserved. Site designed by Planeteria Web Design.