.
VANDERBILT UNIVERSITY MEDICAL CENTER

Information Privacy and Security

Incidental Disclosures

Overview  -  In the course of routine communication, protected patient information sometimes be inadvertently disclosed to someone who is not authorized to receive that information.  The HIPAA regulations call this an incidental disclosure.

The Incidental Disclosure section of this website will provide details about various situations that may generate risks of incidental disclosures.  It will also provide examples of specific safeguards that are recommended.  These recommendations may not apply to every situation as it may not be realistic to implement some of the safeguards in certain circumstances.  Always use your professional judgment when communicating to ensure quality health care for our patients while maintaining the patient's right to his or her privacy.

Incidental Disclosure Risks  -  VUMC staff members should take reasonable precautions to limit incidental disclosures of patient health information.  Specific types of incidental disclosure risks are listed below.  Click on the type of incidental disclosure to read a further discussion of, obtain specific recommendations and to look for more resources:

Visual Disclosure:     Situations where unauthorized individuals may see patient information.   Including:  sign-in sheets; patient boards; patient charts at the bedside; patient room doors; computer screens; and more.
________________________________________________________________________________
Oral Disclosures:     Situations where unauthorized individuals may overhear patient information.  Including:  leaving messages on answering machines or with people other than the patient; speaking on the telephone; calling patients in waiting areas; collecting information from patients; communicating health information to the patient or to the patient's family and friends; communicating patient information to other medical staff involved in the patient's care; and dictating.  
_________________________________________________________________________________
Disposal:     VUMC must take appropriate measures to make sure patient information is not retrievable by unauthorized individuals when dispoing of documents, records, other materials containing identifiable patient information, computers and electronic devices and media.
_________________________________________________________________________________
E-mail and Faxing:     Safeguards should be in place in order to prevent incidental disclosures when confidential information is being transmitted by e-mail or faxing.
_________________________________________________________________________________
Sign-In Sheets:     Issues and ways to address minimizing possible incidental disclosures when using sing-in sheets to check-in patients.
__________________________________________________________________________________
Leaving Messages by Phone:     Guidelines on what type of information to disclose and what type of information to limit when leaving messages by phone about patients on answering machines or with people other than the patient.

 

This page was last updated April 6, 2009 and is maintained by Linda Campbell