HIPPA (Health Insurance Portability and Accountability Act) has been in place for 20+ years and fully enforced since 2003. There are many aspects to HIPPA as it relates to patient information and how that information is communicated, transmitted and stored. However, there is still some ambiguity on how to achieve oral privacy as it relates to patient information. A patient must give consent for treatment, payment and procedures which is referred to as protected health information. Upon consent by the patient it is now the responsibility of responsible entities (healthcare staff, billing, insurance, pharmacies, etc.) to ensure that necessary measures are in place to protect PHI (protected health information).
HIPAA states that in all cases, when individually identifiable protected health information needs to be disclosed, it must be limited to the ‘minimum necessary information’ to achieve the purpose for which the information is disclosed. But what does that really mean? When we look at healthcare environments; hospitals, waiting rooms, doctor’s offices, testing facilities, pharmacies, to name a few, in most instances there is a conversation(s) between patient and care provider, care provider to care provider, care provider to pharmacist/insurance etc. These conversations though necessary for care to be prescribed are often overheard or disclosed orally by others that should not be privy to this information known as incidental disclosures. An incidental disclosure doesn’t necessarily violate HIPAA as long as the responsible party is making a reasonable effort to minimize these types of disclosures.
Minimizing incidental disclosures can be facilitated through various ways, some examples of which are:
- Partitioning or enclosures in waiting rooms, registration areas and patient rooms
- Instructing staff to not hold conversations relating to PHI in common areas
- Instructing staff to speak in a lower tone
Is that enough? These applications can help but has the space been tested to ensure that it has achieved speech privacy? Based on standards set by the American Society for Testing of Materials (ASTM), there are metrics to determine whether a space provides adequate levels of speech privacy. By industry and ASTM-accepted standards, normal speech privacy is achieved when less than 20 percent of the spoken word is understood. This percentage correlates to an index known as the Articulation Index (AI). An AI of 0.20 or less is the benchmark for achieving speech privacy and is the standard your healthcare facility should meet to maintain an accepted level of speech privacy.
Sound masking can lessen the intelligibility of speech, creating speech privacy. People in the general area may know that a conversation is taking place but will not be able to decipher the actual conversation. Spaces incorporating sound masking can be tested to ensure that speech privacy has been achieved resulting in a reduction of incidental disclosures.
Code compliance is also critical in healthcare and is not optional. Muting or shutting down the sound masking is a requirement of NFPA 72 (2010 code and beyond) and the ADA. A product must meet the UL 2572 standard to interface with a FACP. Lencore offers two systems that meet the UL2572 standard; i.Net (sound masking, paging and audio) offers a solution that to interface with the Fire Alarm Control Panel (FACP), in order to shut down or mute the sound masking, in the event of a fire emergency. Lencore’s n.FormTM is a mass notification system that includes sound masking and also integrates audio, zoned paging, digital signage, social media platforms, email, strobe lights, and text messaging. n.FORM™ meets the UL 2572 standard for mass notification systems delivering the highest quality for reach, clarity, redundancy and reporting. This standard allows n.FORM to interface with a Fire Alarm Control Unit and the system leverages LON technology to allow simple integration with other third-party devices.