[ Monday, June 09, 2003 ]
More news stories on hospitals using the "opt in" method.
As you should know, hospitals must give their patients the right to keep their names off of the facility directory (which would effectively prevent anyone from calling the hospital to find out if you were a patient there). There are two ways to do that: "opt out" which allows patients the opportunity to take their name off the list (otherwise, it automatically appears on the directory and anyone calling to see if you are a patient will be told that you are there, but presumably not be told anything else about you except for "condition", i.e., critical, guarded, fair, etc.); or "opt in" which requires the patient to tell the hospital that they want to be on the directory. In other words, under "opt out" the default is having the patient's name in the system when someone calls; under "opt in," the default is that the patient's presence at the hospital will not be disclosed unless the patient specifically allows it.
Since the forms may be confusing, it is safer from the hospital's standpoint to use the "opt in" system. If the hospital uses the "opt out" system and a patient later claims that his privacy was violated when someone from the National Enquirer called and found out he was in the hospital, the patient might still sue the hospital, saying the form was too confusing and didn't give the patient enough notice that his name would be publicly available. However, if the hospital uses the "opt in" system, that risk is mitigated. Clearly, there's good cause for a risk-averse hospital (is there any other kind?) to go with the "opt in" system. If your family can't find you, it's your own fault for not opting in.
Vanderbilt University Medical Center in Nashville goes on the "opt in" basis.
Jeff [1:58 PM]
Blogger: HIPAA Blog - Edit your Template