Technology, Security, and HIPAA
What architects, designers, and building owners working in healthcare need to know and how Shen Milsom & Wilke can help.
(PRWEB) July 3, 2004
The Health Insurance Portability and Accountability Act (HIPAA) defines how healthcare facilities handle patient health information. Identifying what information about patients should be protected is the responsibility of the institution; many have HIPAA compliance officers. But designing new and existing facilities that meet federal regulations is, ultimately, up to the architect, designer, and building owner.
Compliance is based on instituting “reasonable safeguards,” an ambiguous and subjective term. Consultants within Shen Milsom & Wilke’s acoustics, multimedia, information technology, and security areas are specially trained to understand HIPAA standards and to guide design professionals. Additionally, consultant Brian Moores, a healthcare multimedia and network designer, recently earned his HIPAA Certified Security Specialist and HIPAA Certified Professional designations from the well-respected HIPAA Academy.
HIPAA standards affect electronic, written, and aural health information security and exchange. Shen Milsom & Wilke has compliance recommendations for each of these aspects, as well as for physical security. The recommendations are guidelines for healthcare providers to follow in meeting the “reasonable safeguards” requirements for new and renovated spaces. If an obvious attempt is made to implement these safeguards, this may be sufficient for HIPAA. Here are excerpts from Shen Milsom & Wilke’s recommendations.
Electronic
HIPAAÂ’s electronics standards guide data exchange (which often includes written materials); audio, including real-time transcription and audioconferences; and video, including surgical procedures, videoconferencing, and still images. This information may be recorded, transmitted, and sometimes replayed to many different individuals and entities. HIPAA stipulates the safeguard of information in transit as well as in storage.
Recommendations include:
HIPAA-compliant monitor and display locations; Physical access security systems for media control and telecommunications rooms, and electronic data storage facilities; Network and facility security policies to designate user groups and access policies; Coordinating IT systems design to adhere to the facilityÂ’s security policies and procedures; Touch-screen control system interface designs that enable access to middleware that bridges multiple database healthcare systems. This facilitates the control and selection of private healthcare information in the form of audio/video content for review, display, archive, and transport; Integration of archival database and storage systems, and creation of patient audiovisual files and associated metadata for instant access and display through departmental healthcare systems, such as radiological, surgical, or hospital information systems.
Acoustic
Spoken disclosure of protected health information may include patient consultations, laboratory test results, diagnosis, and information read aloud from a computer screen or written documents. It may also include electronic sound—from videoconferences, recordings, and other sources.
There are two components to acoustical privacy: speech privacy and freedom from intrusive noise. The ideal environment permits occupants to speak easily with a visitor or on the telephone without distraction and without being clearly understood by those in surrounding spaces. Electronic information should be clearly intelligible and confined to its intended space.
Recommendations include:
Upgrading partition constructions and specifying acoustically efficient ceilings and wall treatments. Electronic masking sound system or other systems for raising the ambient sound level. For example, many doctors’ offices have bubbling fish tanks in the reception area to cover noise from the exam rooms. Masking is also recommended throughout an open-plan office. Open-office workstations located so that the distance between individuals is at least 12 feet and the adjoining workers do not face each other or a common reflective wall surface. They should include acoustical screens, ceiling tile, and wall treatments, and fully carpeted floors. Closed offices and conference rooms where sensitive patient information is shared should provide excellent speech privacy potential—normal voices are barely audible; raised voices are audible but mostly unintelligible. These spaces should have high sound transmission class (STC) partitions extending slab to slab.
Physical Security
Controling access to sensitive information and the ability to retrace unauthorized access are the central goals of a security program. They are accomplished in a number of ways, including the following recommendations:
Use of biometric authorization in conjunction with another verifiable technology. Closed-circuit television surveillance and observation. Radio frequency indentification tracking of files and data media used to trace locations and check-out patterns.
Shen Milsom & Wilke, an international technology consulting practice founded in 1986, offers comprehensive services in the areas of multimedia/audiovisual, information technology/telecommunications, building security, and acoustics. The firm has offices in New York, Princeton, Washington, D. C., Chicago, Houston, Denver, San Francisco, Las Vegas, London, Dubai, and Hong Kong, and a staff of more than 140 professionals. Shen Milsom & Wilke was named one of the 100 fastest growing A/E/P firms in the nation by Zweig White & Associates for the years 2001, 2002, and 2003.
# # #
