Ensure patients’ privacy before the disaster

Ensure patients’ privacy before the disaster

Before a disaster strikes

Every disaster plan should include a strategy for coping with damaged records. It’s a crucial first step in the HIM department’s recovery.

If the facility contracts with a fire, flood, or storm damage restoration company, it’s a good idea to have a contract ready that would address various provisions for ensuring the privacy of the documentation.

According to a disaster planning practice brief written by Gwen Hughes, RHIA, a Belgrade, MT-based professional practice manager with the American Health Information Management Association (AHIMA) in Chicago, the damage restoration contract should stipulate that the restoration business will:

• Specify the method of recovery.
• Not use or further disclose the information other than as the contract permits or requires.
• Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the contract.
• Include the items required in business associate contracts in accordance with the Health Insurance Portability and Accountability Act privacy rule.
• Report to the contracting organization any inappropriate use or disclosure of the information of which it becomes aware.
• Ensure that any subcontractors or agents with access to the information agree to the same restrictions and conditions.
• Indemnify the health care facility from loss due to unauthorized disclosure.
• Upon termination of the contract, return or destroy all health information received from the contracting organization and retain no copies.
• Specify the time that will elapse between acquisition and return of information and equipment.
• Authorize the contracting entity to terminate the contract if the business partner violates any material term of the contract.