Privacy Best Practices
Protecting patient privacy is a core value of health care and is fundamental to demonstrating respect and building trust. Healthcare organizations and foundations must institute processes that protect patient privacy to the greatest extent possible both by law and as a matter of ethics.
The use and disclosure of protected health information for fundraising may seem straightforward but can be quite complex. Balancing patient privacy with organization’s operational imperatives in a way that achieves everyone’s goal can vary by organization and the risk tolerance of the organization as a whole.
The first consideration, what data is needed to accomplish the fundraising goal, is an important one and requires discussions with the development team. Sharing all patient health information permitted under the law is not always necessary. When unneeded information is shared, it can become a liability for the organization. By working together, the development and compliance teams can determine the right balance in the amount of data shared by the covered entity.
For more information on this topic, please visit: Privacy
HIPAA
With respect to informational privacy, someone on your operations team should be designated the gatekeeper for data to ensure adherence to policies on the information stored, how it can be used, and by whom. That’s why understanding the regulations and building a partnership with your compliance and information security teams is so important.
Your organization is responsible for understanding what is allowable in your patient database under HIPPA, documenting your interpretations of HIPPA regulations, documenting the processes for requesting personal health information, tracking patient opt-out information, and understanding your organization’s data retention and destruction policies.
For more information on this topic, please visit: Privacy