In April 2001, President George W. Bush signed a law called “The Privacy Rule”. Six years in the making, this landmark law, which took affect on April 14, 2003, gives citizens new rights to privacy by requiring all organizations which handle healthcare information--whether written, oral or computer-based--to “reasonably safeguard” that information.

1. Can “Oral Privacy” actually be measured?
Many professionals and consultants assume that Oral Privacy is subjective, and that it can’t be measured or monitored objectively. But, Oral Privacy is what lawyers call a “term of art.” That is, a precise, measurable, public and professionally accepted definition of it exists which is easily identifiable and understandable. In fact, the scale on which Oral Privacy is measured and the electronic instruments used to measure it have been around for quite a while. Three recognized standards organizations, the ISO, the ANSI and the ASTM, publish a suite of six widely known standards that define--in measurable, quantitative terms--what “Oral Privacy” means and how to use instruments to measure it. For example, “Confidential Privacy” has a numerical rating of 0.05 on a scale known as “A.I.” (for “Articulation Index”), while “Normal Privacy” has a numerical “A.I.” rating of 0.20.

2. What does HIPAA say about “Oral Communications”?
It says “the same protections afforded to paper and electronically-based information must apply to verbal communications as well.”

3. Aren’t “incidental disclosures” considered permissible by the new Oral Privacy Rule?
Here is exactly what the Privacy Modification Final Rule says. “The Privacy Rule generally requires covered entities to make reasonable efforts to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose (sec. 164.502[b]).” And it says (sec. 164.530[c]) “the Privacy Rule requires covered entities to implement appropriate administrative, technical and physical safeguards to reasonably safeguard protected health information bfrom any intentional or unintentional use or disclosure that violates the Rule…including information transmitted orally, or in written or electronic form.” And it says “An incidental use or disclosure [is] permissible only to the extent that the covered entity has applied reasonable safeguards as required by sec. 164.530[c].” And it also stipulates that “an incidental use or disclosure that occurs as a result of a failure to apply reasonable safeguards or the minimum necessary standard, where required, is not a permissible use or disclosure and, therefore, is a violation of the Privacy Rule.” And it adds that “The Department does not intend with this provision to obviate the need for medical staff to take precautions to avoid being overheard, but rather, will only allow incidental uses and disclosures where appropriate precautions have been taken.”

4. What does the term “reasonable safeguards” mean?
First, it means that an organization is responsible for having taken reasonable steps to find out whether objective, practical standards exist that define Oral Privacy and clearly describe how to measure and monitor it. Second, it means that an organization has considered how these standards can affordably create an environment where a patient’s right to privacy is respected without burdening healthcare workers or compromising the organization’s ability to provide healthcare services.

5. How would I know if our facility has a problem?
There are simple yet practical ways to determine if you have “Oral Privacy” compliance problems. Check to see if you can over hear conversations:
• In waiting areas as others check in?
• Between exam / treatment areas?
• In the corridors outside of exam rooms?
• Between patients and staff in corridors or other public access areas like nurses stations?
• In pharmacy areas?

Due to the design of most facilities, compliance problems in these areas are almost certain unless specific steps have been taken to address them.

6. How can any entity comply with HIPAA without building walls?
A variety of tried, tested and number-rated techniques and technologies exist to both measure Oral Privacy, monitor it around the clock, and—without building walls—create the conditions in which patients and doctors can be assured of Oral Privacy. These include certain types of noise-blocking curtains, highly
sound-absorbent partitions and ceiling tiles and a widely-used technique called “sound-masking.” All of these are readily available inexpensive and easy to implement. This assures that organizations can comply with the law.

7. Can background music be used to solve the problem?
Playing background music can help reduce incidental disclosures to a degree. The issue with background music is that the volume and intensity vary, thereby failing to provide consistent protection for sensitive conversations.

8. Is extensive training required to put this into practice?
No. This approach means that there’s no need to train medical personnel about how to behave under “The Privacy Rule.” This approach uses “passive” and “electronically active” acoustic technologies to provide private environments without walls where freedom of movement and open communication is possible without compromising patients’ legal rights to privacy.

A great way to address these issues is by using a Speech Privacy System.