Although new technology has played a big role in improving hospital security, it has also created a whole slew of new concerns for security directors.
From camera phones to so-called "nanny-cams," the improper use of electronic devices not only raises red flags about patient privacy and possible Health Insurance Portability and Accountability Act of 1996 violations, but can cause headaches for hospital security.
Camera phones make it easy to snap photos of patients without them realizing they've been photographed, much less agreeing to it. And these devices are being carried not just by visitors, but by staff members, as well.
Some potential problems may not even be on many hospitals' radar screens. For instance, at Children's Hospital in Boston, a nurse recently discovered a Webcam hooked up by parents in their child's hospital room, according to a report in The Boston Herald
. The discovery stunned the patient's doctor, a pediatric oncologist, and raised questions about privacy issues.
The child's parents set up the camera so the child's favorite relative could see what was going on during the hospital stay.
The doctor asked the parents to remove the camera, the newspaper reported, and a hospital spokesperson said families of patients at Children's Hospital are free to film their own child but must have permission to record staff members or other patients.
Camera phones are particularly problematic. "The biggest issue is if people walked in with a video camera, we'd stop them," says Frank Ruelas,
a consultant at AZ HIPAA, in Surprise, AZ. "But we don't even notice cell phones anymore. And getting the picture is only half the problem. The other problem is that you can send pictures directly to e-mail. You can shoot it electronically anywhere, and now the whole world can get to it."
"This absolutely is a concern for security," given that security officers are often the front line for enforcement, says Steven MacArthur,
safety consultant for The Greeley Company, a division of HCPro, Inc., in Marblehead, MA. If there's someone taking pictures on a patient floor, clinical staff members may try to intervene, but if faced with resistance, they are likely to call security to respond.
Despite widespread recognition of the problem, there is little consensus on how to handle the issue. Some hospitals have considered outright bans on camera phones-which might be difficult to enforce, because camera phones look like any cell phone and are small enough to hide easily. Other facilities have had success simply by enforcing existing photography and cell phone policies. Take a look at your policy
At Stony Brook (NY) University Medical Center, that approach has led to no complaints so far, says Stephanie Musso,
Stony Brook's privacy officer. The hospital's cell phone policies require visitors and staff members to leave patient areas and go to a general area or outside when they use their phones. This minimizes the risk of snapping unauthorized photos.
Musso trains her staff to enforce the existing photography policy, which states that no one can snap photos of patients without the patients' permission. When Musso's staff members see someone using a camera phone in an unauthorized manner, they inform the offender of the policy and ask him or her to delete the photos if a patient complains.
Part of the problem is that constant surveillance on the part of staff is impossible. And if patients don't know that someone has photographed them, they won't know to complain, Musso says. The best line of defense may simply be to inform patients of the protections that your current cell phone and photography policies afford. Also let them know that they can seek staff members' help if something makes them uncomfortable. Consider your own staff
However, visitors aren't the only issue. Your staff members also might carry camera phones. Ruelas has heard reports of physicians snapping pictures of patients to prompt the physicians to include certain items in later dictation.
The problem arises if the physician fails to ask for the patient's permission or photographs an unconscious patient. Also, staff members might sometimes inadvertently include patients in personal photos of colleagues, perhaps at a party or other event. So it's important to educate staff members about the need to get consent before taking photos, Ruelas advises.
However, he warns that a specific camera phone policy may be too difficult to enforce in an era when everyone carries a cell phone. As technology keeps evolving, you might also find that there are new gadgets you didn't think to include in such a policy. Instead, a well-crafted photography policy should cover the problem and remain enforceable, no matter what new gizmo comes along.
It's important for staff members, including security, to know what will be accepted or tolerated, including what level of intervention they should take if someone is misusing a camera phone, says MacArthur. For example, does the hospital want security staff to confiscate devices? Where do you draw the line? For example, can visitors take pictures of family members? How do you verify who's family and who is not? These situations raise many questions for hospitals, MacArthur notes, including the following:
- Do you ask patients to sign releases that they agree to have their picture taken?
- Do you have signs posted or other materials to provide to patients and visitors so they understand your policy?
- Do you prohibit camera phones altogether or prohibit picture-taking in patient rooms, but allow it in the patient lounge or other common areas?
"This is not something that should be decided upon unilaterally," MacArthur says. "There are a number of stakeholders in the process."
Include your privacy or compliance officer, security, public relations, administration, and clinical staff members in policy decisions. Discuss the risks and then develop a strategy to manage those risks, he says.
From a survey perspective, be sure your hospital documents its safety and security risk assessment processes, he advises.
Scott Wallask is the editor of Briefings on Hospital Safety. He may be reached at firstname.lastname@example.org
. This story first appeared in the July edition of Briefings on Hospital Safety
, a monthly newsletter by HCPro Inc.
For information on all of HCPro's products, visit www.hcmarketplace.com