MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsCatalyst PDF FileCommunity HappeningsCampus News

Return to Main Menu

Rest easy—HIPAA brings positive changes

by Susan E. Pletcher
Director, Health Information and Patient Access Services
While MUSC has always taken patient confidentiality seriously, HIPAA privacy rules brought more attention to the matter. 

It is important to ensure that patients feel comfortable in receiving their care at MUSC. Their comfort should include not only the physical and emotional support that MUSC is so well known for, but also  comfort in knowing that their health information is maintained in a confidential manner. 

It is especially important that employees know their protected health information (PHI) is safeguarded. To monitor this, MUSC employees admitted to the hospital have their health care files audited to be sure that no unauthorized users have accessed protected health information. 

While not 100-percent fool-proof, there are electronic tools in place to monitor access, and the paper record  while the patient is in the hospital is still an issue. 

With the aggressive work toward a truly electronic medical record, staff will be able to monitor real-time access to the active patient record once this process is in place. In the meantime, employees must monitor each other and abide by our policies on privacy and code of conduct. 

The adherence to HIPAA privacy regulations remains an ongoing challenge for MUSC and other institutions. 

Employees may be terminated for violations and can only view their own health information and that of their minor (under 16 years old) child. They must have written permission from a spouse, other family member, neighbor, or co-worker before viewing the protected health information of this group. 

The following processes were enacted to assist with maintaining the privacy rights of our patients:

  • Audits of employees admitted to the hospital
  • Investigation of suspected HIPAA privacy violations
  • Audits of protected health information (PHI) as requested in writing by employees and others who feel their information may have been accessed by unauthorized persons
  • Random audits of the general patient population, including public figures
  • Use of the Compliance Hotline to report possible violations anonymously
  • Direct calls or e-mails to the information security officer (ISO)—Sharon Knowles
  • Monitoring of business associate (BA) contracts— BA employees are held to the same standards as MUSC employees
  • Monitoring of disposal of (PHI)—special locked shred bins should be used for disposal of PHI, not the recycle baskets.
  • Annual privacy and compliance training


“While we continue to experience some issues dealing with the HIPAA regulations, many situations are identified and resolved before an incident happens,” said Sharon Knowles, MUHA HIPAA compliance officer. “Through employee education and the processes in place, we have made everyone aware of the importance of patient privacy and confidentiality.”

Friday, July 16, 2004
Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to petersnd@musc.edu or catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Community Press at 849-1778.