HIPAA QUIZ True Or False?

HHS – April 2002

HOSPITAL: The privacy rule prohibits semi-private rooms. With two patients in a room, there is no way to guarantee that one won’t overhear health information about the other. Now I’ll have to rebuild my facility to include only private rooms.

The Privacy Rule does not require these types of structural changes be made to facilities. Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.

FALSE !


	FALSE! The Privacy Rule does not require these types of structural changes be made to facilities. Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI.

	“Reasonable safeguards” mean that covered entities must make reasonable efforts to prevent uses and disclosures not permitted by the rule. The Department does not consider facility restructuring to be a requirement under this standard. The rule does not require that all risk be eliminated to satisfy this standard. For example, the Privacy Rule does not require the following types of structural or systems changes:
		*Private rooms.
		*Soundproofing of rooms.
		*Encryption of wireless or other emergency medical radio communications which can be intercepted by scanners.
		*Encryption of telephone systems.

	In determining what is reasonable, the Department will take into account the concerns of covered entities regarding potential effects on patient care and financial burden. While some covered entities may need to make certain adjustments to their facilities to minimize access, such as isolating and locking file cabinets or records rooms, or providing additional security, such as passwords, on computers maintaining personal information. No structural modifications are required to be made to semi-private rooms under the Rule.