- to encourage a cooperative flow of information between hospitals and the news media
- to standardize protocol for releasing information from hospitals
- to ensure patients’ rights to privacy are consistent with applicable law
Most hospitals have public relations offices staffed with professionals who are aware of the needs and deadlines of the news media. During normal working hours, members of the media should contact these offices first. Public relations professionals understand the inner workings of their respective hospitals and are in a position to gather information and provide appropriate information to the media.
After office hours and on weekends, each hospital should have an authorized spokesperson to respond to media inquiries. Each hospital should determine its own system of selection of an appropriate authorized person and determine when senior public relations executives should be called.
The names and telephone numbers of persons designated to respond to media inquiries should be available to hospital operators and other personnel who might receive media calls. It is important that media calls be given only to such designated personnel.
Releasing Patient Information
Privacy regulations issued by the Office of Civil Rights of the U.S. Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) govern the use and release of a patient’s personal health information (PHI). In the event state law or hospital policy is more restrictive than the HIPAA privacy standards, the more restrictive law or policy will apply.
HIPAA privacy standards have specific provisions for the release of limited “directory” information without the patient’s consent or authorization. However, the patient must be told about the use of the information and must be given the opportunity to object to or restrict the use or release of the information. Unless a patient objects, the following information may be placed in a directory.
- the patient’s name
- the patient’s location in the health care provider’s facility
- the patient’s condition, described in general terms that do not communicate specific information about the individual
- the patient’s religious affiliation
Disclosure of this information for directory purposes may be made to members of the clergy or, except for religious affiliation, to other persons who ask for the individual by name.
HIPAA privacy regulations establish a minimum acceptable threshold for the use and release of PHI. State and federal law (see the following topic “Confidential Information”), as well as hospital policies, may establish stricter standards. For example, hospitals should be very cautious about releasing PHI about any patient associated with the commission of a crime or where the safety and security of both patients and hospital personnel may be jeopardized.
Patient Condition Reports and Information
Patient condition may be provided consistent with the limitations imposed by HIPAA privacy standards. If these standards are met, general condition information may be provided that does not communicate specific information about the individual. The American Hospital Association has suggested the following one-word descriptions of a patient’s condition.
- Undetermined — Patient awaiting physician assessment.
- Good — Vital signs are stable and within normal limits. Patient is conscious and comfortable. Indicators are excellent.
- Fair — Vital signs are stable and within normal limits. Patient is conscious but may be uncomfortable. Indicators are favorable.
- Serious — Vital signs may be unstable and not within normal limits. Patient is acutely ill. Indicators are questionable.
- Critical — Vital signs are unstable and not within normal limits. Patient may be unconscious. Indicators are unfavorable.
- Treated and Released — received treatment but not admitted
Note: The term “stable” should not be used as a condition. Furthermore, this term should not be used in combination with other conditions, which, by definition, often indicate a patient is unstable. With written authorization from the patient, a more detailed statement regarding a patient’s condition and injuries or illness can be drafted and approved by the patient or legal representative.
When accidents occur, the media should call the hospital where the patient is transported for a condition report. Reports at the accident scene are not official condition reports. A condition report can be assigned to a patient only after a physician’s assessment.
The fact that a patient has died may be released as part of the directory information about the patient’s general condition and location in the facility if other conditions related to directory information are met (for example, the patient must have had an opportunity to object to inclusion in the directory).
Minor children (under the age of 18) may have information released with the consent of a parent or legal guardian, in accordance with the preceding guidelines. Minors under age 18 who are authorized to consent to specific medical procedures under state law retain control over the use and disclosure of PHI.
The privacy regulations address situations where the opportunity to object to or restrict the use or disclosure of directory information cannot be practicably provided because of an individual’s incapacity or emergency treatment circumstance. In such a case, a covered health care provider may use or disclose an individual’s directory information if the use and disclosure is (1) consistent with a prior expressed preference of the individual, if any, that is known to the covered health care provider; and (2) in the individual’s best interest as determined by the covered health care provider, in the exercise of professional judgment. Please note that conditions 1) and 2) both must apply for a provider to release patient information under HIPAA. The covered health care provider must provide the individual with the opportunity to object to the use and disclosure of directory information, when practicable.
In addition to the limitations on release of PHI imposed by the HIPAA privacy standards, state and federal law also may impose specific limitations.
The release of any information concerning the HIV/AIDS status of a patient is prohibited under Missouri and Kansas state law.
Patients admitted to an organized alcohol or drug-treatment program that receives any federal support are entitled to complete confidentiality, including whether they are in the program or not. Release of information about such patients must be accomplished in a specific manner established by federal regulations.
Media Access to Patients
When the media want to interview or photograph a patient, the hospital’s authorized spokesperson should check with the appropriate hospital staff to ensure the patient is physically and emotionally capable.
The hospital’s authorized spokesperson must obtain the patient’s permission. If the patient is a minor, permission must be obtained from the parent or legal guardian.
If the patient is under arrest, permission also must be obtained from the law enforcement officer in charge of the patient’s custody.
Media representatives should be accompanied by a hospital public relations professional or other appropriate staff while in the hospital.
Hospitals or other covered entities, pursuant to the HIPAA privacy standards, may disclose PHI to a public or private entity authorized by law or its charter to assist in disaster relief efforts. PHI also may be released to these types of organizations for the purpose of coordinating with such entities in contacting a family member, personal representative or person directly responsible for a patient’s care.
Police reports and other information about hospital patients often are obtained by the media. The claim is frequently made that once information about a patient is in the public domain, the media is entitled to any and all information about that individual. This is not true. Health care providers are required to observe the general prohibitions against releasing PHI about patients found in the HIPAA privacy standards, state statutes or regulations and the common law, regardless of what information is in the hands of public agencies or the public in general. Requests for PHI from the media on grounds that a public agency, such as law enforcement, is involved in the matter should be denied.
Emergency Medical Services
EMS units or ambulance services that provide health care services to patients are considered health care providers under HIPAA. However, health care providers, including EMS and ambulance services, are considered covered entities subject to the HIPAA patient privacy regulations only if they transmit any health information in electronic form.
Members of the clergy frequently request access to names of patients in a hospital to determine if members of their congregations have been admitted. Patient names may be released to members of the clergy if a patient has given permission. A patient must be asked by a hospital if his or her name may be included in a hospital directory. A patient also must be asked if religious affiliation may be included in the directory. The patient may agree or object to the inclusion of his or her name or religious affiliation in the directory. If the patient objects to inclusion of his or her name, clergy may not be told that person is in the hospital. If the patient does not object, clergy may receive the directory information without asking for the patient by name.