Healthcare Information Security

Patient Privacy News

CMS Finds Minnesota Hospital Violated Patient Privacy Rights

Minnesota-based Fairview Southdale Hospital violated patient privacy rights by videotaping patients without their knowledge or consent during psychiatric evaluations in the emergency room, a CMS investigation concluded.

patient privacy rights

Source: Thinkstock

By Fred Donovan

- Minnesota-based Fairview Southdale Hospital violated patient privacy rights by taping patients without their knowledge or consent during psychiatric evaluations in the emergency room, a CMS investigation concluded.

The CMS probe focused on a woman who had been taken to the hospital’s emergency room against her will in May 2017 because police officers were concerned that she might harm herself or others, according to a report by the Star Tribune newspaper.

The woman discovered the taping when she requested the security camera footage from the hospital as part of a lawsuit regarding her treatment by police and her emergency room admission.

The patient said she was “shocked that they videotaped me the whole time I was there,” according to the CMS investigation. The patient stated that the “videotape was ‘horrifying to her’ and there was no marking in the room to tell her she was being recorded,” CMS noted in its report.

The hospital had added cameras to its eight psychiatric evaluation rooms because of an increase in the number of violate patients over the previous year, a hospital official told investigators.  There were no signs warning patients that they were being videotaped. The monitor for the cameras is in the emergency room nursing station, away from public view.

A consent form for treatment informs the patient that videotaping is possible for medical education, but the woman in this case refused to sign the form or submit to treatment.

The video camera captured her changing into hospital scrubs, but only her back was visible.

In a statement, the hospital said: “Fairview is deeply committed to providing safe, high-quality patient care and protecting the rights of all patients. In situations such as this, we work closely with regulatory agencies to promptly and thoroughly investigate concerns raised and take appropriate action to ensure we are fully compliant and indeed exceed expectations of those we serve moving forward.”

Healthcare facilities that videorecord patients for security reasons should notify them, Sue Abderholden, executive director of the Minnesota chapter of the National Alliance on Mental Illness, told the newspaper.

“If you're going to do it, there should be a sign and you should orally tell the person,” she said.

Fairview has discontinued videorecordings, but will continue videomonitoring of patients for medical education or safety, the newspaper noted.

The hospital also has trained nurses to tell patients about the video monitoring and has installed privacy screens in its ER rooms with cameras.

HealthITSecurity.com recently examined the issue of patient privacy rights education both for patients and for hospital staff.

Providers must address the fact that many of their own healthcare employees misinterpret HIPAA, as well, and may inadvertently violate the spirit — or letter — of the law.  

A recent survey by MediaPro of 1,000 US healthcare workers found a lack of understanding about data privacy and security rules. In fact, more than three-quarters of healthcare employees were unprepared to address common privacy and security threat scenarios.

Christiana Care Health System CISO Anahi Santiago cautioned that a lack of privacy awareness by healthcare providers can be detrimental to patients.

“A lot of times clinicians will err on the side of being very conservative. If they don't really understand the rules, they might be concerned about sharing information because they think that it's not allowed. That could inhibit patient care,” Santiago told HealthITSecurity.com.

Mark Savage, director of health policy, Center for Digital Health Innovation, the University of California, San Francisco, agreed. “We have all heard the stories about providers who respond to a patient’s request for their health data by saying that HIPAA does not allow them to disclose or share the patient’s health data.”

Both patients and providers need to be better educated about privacy rights and data security. Providers should provide training for staff about HIPAA rules and clearly written information to educate patients about their privacy rights.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...