Under the HIPAA Privacy Rule, covered entities must implement safeguards to protect against the unauthorized use or disclosure of PHI. Such safeguards may include HIPAA “soundproofing” measures designed to protect patient privacy. Note, though, that soundproofing measures are no substitute for a thorough HIPAA compliance program that covers all aspects of the HIPAA rules.

What are HIPAA Soundproofing Measures?

The HIPAA Privacy Rule does not require hospitals and doctors’ offices to be retrofitted to eliminate the possibility of overhearing a conversation between doctor and patient, or a conversation between doctors about a patient.

The rule DOES require covered entities to have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI). Covered entities must make reasonable efforts to prevent uses or disclosures of PHI that are not permitted under the Privacy Rule. In general, covered entities must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request. 



The Department of Health and Human Services (DHHS), which enforces HIPAA, explicitly notes that not all risk of disclosure of protected health information must be eliminated. Rather, covered entities must implement reasonable safeguards to:

  • Avoid prohibited uses and disclosures
  • Limit incidental use and disclosure. Incidental use and disclosure occurs when PHI is disclosed by chance, without intention or calculation, during an otherwise permitted or required use or disclosure. To be regarded as an incidental disclosure, the disclosure must be one that cannot reasonably be prevented.

 

Covered entities must review their own practices and determine what steps are reasonable to safeguard their patient information and privacy. In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the potential effects on quality of care. 

Covered entities may consider the financial expense of implementing particular safeguards. In addition, covered entities also may take into consideration the steps that other prudent health care and health information professionals are currently taking to protect patient privacy.

Examples of HIPAA soundproofing that may constitute reasonable safeguards are:

  • Installation of acoustical door seal kits. These can be added to existing doors to reduce the amount of sound transferred to adjacent offices and hallways.
  • Installation of acoustical wall panels. Acoustical fabric wrapped wall panels may reduce the amount of ambient office noise. 
  • Installation of special ceiling tiles. These noise barrier ceiling tiles may reduce the amount of speech transferred from one office to another.

While soundproofing measures may provide a nonzero increase in privacy, such measures are nowhere near as important as having a HIPAA compliance program that covers all facets of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Omnibus Rule.
