Patient Directory Policy
Review Dates: 6/29/13
CATHOLIC HEALTH SERVICES
Rockville Centre, New York
IT Security & Privacy Policies and Procedures
Policy Number: 110
Last Revision Date:
This policy reflects CHS’s statement concerning patient’s rights to privacy in patient information displayed in the facility directory.
This policy applies to all facility staff members and medical staff members. Facility staff members include all employees, medical or other students, trainees, residents, interns, volunteers, consultants, contractors and subcontractors at the facility. Medical staff members include physicians as well as allied health professionals.
1. Patient Directory
a. As a general rule, patient information should only be placed in our facility’s patient directory, and information in the patient directory should only be disclosed to persons or organizations outside the facility, so long as the patient is given an opportunity to object and does not do so. A very narrow exception applies in emergency treatment situations (discussed below). Patient directory information must be limited to the patient’s name, location at the facility, one word description of the patient’s general condition, and religious affiliation.
b. All facility staff and medical staff members should be aware that special privacy protections apply to HIV-related information, alcohol and substance abuse information, genetic information, sexually transmitted disease information, and mental health information. Some activities, which are permitted under this policy, may not be permitted when using or disclosing these types of information. Facility staff and medical staff must comply with all facility policies on privacy and confidentiality when using or disclosing these sensitive types of information for any reason. They are expected to be aware of the requirements under those policies.
c. Ordinary Circumstances
i. Before the facility includes any information in its patient directory or discloses that information to other persons, the following procedures must be followed:
Review Dates: 6/29/13
ii. Inform The Patient
At the time of admission, a facility staff member or designee will be responsible for the following:
1. Describe Proposed Use
The patient will be advised that, if he or she does not object, his or her information may be used in our patient directory in the following way:
2. Our patient directory may contain his or her name, location within our facility, general condition, and religious affiliation;
3. Disclosure of Patient Condition
It is the policy of the Facility not to disclose a patient's condition.
4. Information about the patient’s location within our facility and general condition, but not about his or her religious affiliation, may be released to any person who asks for the patient by name;
5. Information in the patient directory, including the patient’s religious affiliation, may be released to any member of the clergy, even if he or she does not ask for the patient by name.
6. Opportunity to Object
The patient will be advised that he or she has the right to restrict what information we keep in our directory or who will have access to the information. The patient’s rights for restriction of information are clearly outlined in the Notice of Privacy Practices. For example, the patient may instruct us to release information about his or her status and location, but not his or her religious affiliation, or the patient may request that we release information to his or her parents, but not his or her roommate. The patient may also instruct us not to include or disclose any of his or her information in the directory.
7. Revoking An Objection. The patient will be advised that any restriction requested may be revoked at any time.
iii. Record The Objection
If the patient has an objection or restriction, a facility staff member must record the objection or restriction on a Patient Directory Form and deliver the form to the Director of Patient Access as soon as possible. A copy of the facility’s Patient Directory Form is attached in the Appendix of this policy. The Director of Patient Access, or his or her designee, will ensure that this objection is entered into our patient directory so that all facility staff and medical staff who are authorized to access the directory will be aware of any restrictions on using or disclosing the patient’s directory information. The Director of Patient Access, or his or her designee, should then add the Patient Directory Form to the patient’s medical record. A copy of the form should be sent to the Privacy Officer.
iv. Check The Patient Directory Before Responding To Requests
All requests for directory information about our patients must be directed to facility staff who are authorized to access our patient directory and respond to these requests. No one should disclose patient directory information without first examining whether there are restrictions in the patient directory. If there are restrictions in the directory and/or the medical record, they must be followed unless the patient expresses an intent to clarify or revoke them.
v. Any calls, requests for information, or inquiries from the media or members of the press should be forwarded immediately to the Community Relations Development or designee.
vi. In rare circumstances when there is concern that a patient did not intend a restriction to apply to a visitor who is requesting directory information, the visitor may be asked to wait in the facility reception area while a facility staff member or medical staff member responsible for the patient’s care asks the patient whether any or all directory information may be disclosed to that visitor. Care should be taken, however, not to reveal a patient’s presence in the facility (for example, by agreeing to ask the patient if the restriction applies to the visitor) if doing so would violate the very restriction in question.
vii. If a patient revises a restriction or lifts the restriction as to a particular visitor, a facility staff member or designee should record that revocation or revision in the medical record after ensuring that there are no other restrictions noted in the medical record. The Director of Patient Access and Privacy Officer should be advised of the revocation.
2. Emergency Circumstances
a. In some cases, it may not be possible to obtain the patient’s permission to include his or her information in the patient directory because the patient is incapacitated or in need of emergency treatment when first admitted to our facility. This may occur, for example, if a patient is unconscious when first brought to our facility’s emergency room. It may also occur if the patient is conscious and capable of making a decision, but is so seriously injured that asking permission to include his or her information in the directory would delay treatment in a way that would jeopardize the patient’s health.
b. Patient’s Best Interest And Known Preferences
In the emergency situations described above, the patient’s name, location in our facility, general condition, or religious affiliation may be disclosed to another person if a facility staff member or medical staff member responsible for the patient’s care determines that disclosure is in the patient’s best interest and consistent with any prior information we have about the patient’s preferences. In some cases, it will be appropriate to disclose certain pieces of information (such as the patient’s name), but not other pieces of information (such as the patient’s location in the facility), in order to protect the patient’s interests. When deciding what information, if any, may be disclosed, the following factors should be considered:
i. Whether disclosing that the patient is in the facility could cause harm or danger to the patient (for example, disclosing information to a potential attacker);
ii. Whether disclosing a patient’s location within a facility would give information about the patient’s condition (for example, if the room number revealed that the patient was on a Behavioral Health or Mother/Baby Unit);
iii. Whether it is necessary or appropriate to give information about the patient’s status to family or friends (for example, if necessary to find out if the patient’s family knows more about his or her condition or prior history because the patient is unconscious); and
iv. Whether the patient has previously expressed a preference about how information should be used in the patient directory.
As soon as possible after the patient’s incapacity or emergency treatment is over, the procedures described above for ordinary circumstances must be followed. The patient must be informed of our patient directory policy and given an opportunity to object to or restrict our uses and disclosures of his or her information in that directory.
1. The facility’s Privacy Officer has general responsibility for implementation of this policy. Members of the facility staff, medical staff and vendors, subcontractors and business associates who violate this policy will be subject to disciplinary action up to and including termination of employment, contract or medical staff with the facility.
2. Anyone who knows or has reason to believe that another person has violated this policy should report the matter promptly to his or her supervisor or the facility’s Privacy Officer. All reported matters will be investigated, and, where appropriate, steps will be taken to remedy the situation. Where possible, the facility will make every effort to handle the reported matter confidentially. Any attempt to retaliate against a person for reporting a violation of this policy will itself be considered a violation of this policy that may result in disciplinary action up to and including termination of employment or contract with the facility.
3. If you have questions about this policy, please contact your department supervisor or the facility’s Privacy Officer immediately. It is important that all questions be resolved as soon as possible to ensure protected health information is used and disclosed appropriately.
In the event that a significant regulatory change occurs, the policy will be reviewed and updated as needed. The policy will be reviewed periodically to determine its effectiveness in complying with the HIPAA Security Regulations, as well as meeting business needs.
Lynn Taylor, CPO Date
Dr. Patrick O’Shaughnessy, CMO Date