In April 2001, President George W. Bush signed a law called "The Privacy Rule". Six years in the making, this landmark law, which takes affect on April 14, 2003, gives citizens new rights to privacy by requiring all organizations which handle healthcare information--whether written, oral or computer-based--to "reasonably safeguard" that information. Penalties for organizations that fail to comply are severe and include jail terms of up to ten years and fines of up to $250,000.

1. What does HIPAA say about "Oral Communications"?
It says: "the same protections afforded to paper and electronically-based information must apply to verbal communications as well." And it says: "an incidental disclosure is permissible only to the extent that the covered entity has applied reasonable safeguards." And therefore: "disclosure that occurs as a result of a failure to apply reasonable safeguards is a violation of the Privacy Rule."

2. How is "Oral Privacy" measured using accepted technical standards?
Three recognized standards organizations, the ISO, the ANSI and the ASTM, publish a suite of six widely-known standards that define--in measurable, quantitative terms--what "Oral Privacy" means and how to use instruments to measure it. For example, "Confidential Privacy" has a numerical rating of 0.05 on a scale known as "A.I." (for "Articulation Index"), while "Normal Privacy" has a numerical "A.I." rating of 0.20.

3. What does the term "reasonable safeguards" mean?
First, it means that an organization is responsible for having taken reasonable steps to find out whether objective, practical standards exist that define Oral Privacy and clearly describe how to measure and monitor it. Second, it means that an organization has considered how these standards can affordably create an environment where a patient's right to privacy is respected without burdening healthcare workers or compromising the organization's ability to provide healthcare services.

4. Putting up flyers and telling people to speak softly--is that enough?
Where objective, science-based standards exist which define and measure Oral Privacy, and where simple, reliable, inexpensive techniques and technologies exist to create private environments without building walls or constraining healthcare workers, it is unreasonable to assume that healthcare workers should have to "learn new habits" when they're already under pressure to dispense critical, often live-saving healthcare services.

5. How can any entity comply with HIPAA on schedule-without building walls?
A variety of tried, tested and number-rated techniques and technologies exist to both measure Oral Privacy, monitor it around the clock, and-without building walls-create the conditions in which patients and doctors can be assured of Oral Privacy. These include certain types of noise-blocking curtains, highly sound-absorbent partitions and ceiling tiles and a widely-used technique called "sound-masking." All of these are available "off-the-shelf" and are inexpensive and easy to install. This assures that organizations can comply with the law on schedule by April 14, 2003.

6. Is it costly or hard to meet the Oral Privacy requirement with these standards?
No. The standards simplify the task of compliance. All that needs to be done is to take a set of instrument measurements and then install the applicable remedies where needed to ensure patient privacy. Systems can also be installed which continuously monitor privacy levels so that organizations have an objective record of compliance--like any other security program.

7. What is the value of using existing standards and "off-the-shelf" solutions?
There are four advantages. First, this approach to compliance is objective, measurable and proven over several decades in a wide variety of environments. Second, it's simple, affordable and readily available. Third, it assures organizations that their compliance programs are easy to monitor and document, ensuring continuous compliance. Fourth, this approach holds suppliers of "off-the-shelf" solutions responsible for ensuring that their equipment lives up to claims and delivers meaningful patient privacy.

8. What are the penalties for not "reasonably safeguarding" patient privacy?
Violators face civil and criminal penalties: The law says "Up to $50,000 plus 1 year in prison for obtaining or disclosing patient information; up to $100,000 plus 5 years in prison for obtaining patient information under false pretenses; up to $250,000 plus up to 10 years in prison for obtaining or disclosing patient information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm."

9. Is extensive training required to put this into practice?
No. This approach means that there's no need to train medical personnel about how to behave under "The Privacy Rule." This approach uses "passive" and "electronically active" acoustic technologies to provide private environments without walls where freedom of movement and open communication is possible without compromising patients' legal rights to privacy.

10. Is it hard to find professional help?
No. Acoustic scientists and engineers can be located easily through telephone directories or internet search engines. The profession of acoustics was founded 55 years ago by scientists from Harvard and MIT. This group also founded the well-known research and development firm, Bolt Beranek and Newman (BBN) in Cambridge, Massachusetts and other cities. For over fifty years, the firm has advised federal, state and local government agencies as well as hundreds of clients in the public and private sectors on matters pertaining to acoustics, signal processing, privacy and confidentiality. Re-named CSM/Acentech, the firm has been in continuous existence since 1949.

Back to HIPAA Main Page

Click here to request a quote!