A Tale of Two Doctor’s Visits


Margaret C. Scavotto, JD, CHC
Management Performance Associates

A few weeks ago, I went to a new doctor for a consultation. While waiting alone in a patient room for the doctor, I noticed a monitor attached to the wall. It showed a color-coded appointment schedule with last names of every patient coming in that week. I wondered what I else I could access if I tried to use the computer (Don’t worry, I didn’t try).

When I checked out after my appointment, I saw three patient files open on the reception desk. I also saw another monitor, with a patient’s X-ray prominently displayed. While my PHI wasn’t visible to others that day, I realized it could be. I felt disrespected. I didn’t go back. Instead, I asked around for another doctor – one with good privacy practices – and will fork over another copay to see a different doctor.

I also happened to receive an outpatient procedure this year, at a hospital. Upon arrival, nobody asked me to sign in on a sign-in sheet visible to others. I received a buzzer so my name would not be announced in the waiting room. My identity was verified several times – discreetly and kindly: by asking for insurance cards; double checking my ID bracelet, etc.

Nobody likes going to the hospital. It’s expensive. It’s time away from work, kids, etc. And yet when I left, I was raving about my experience. At the hospital. Why? Because they respected me when they protected my privacy. In return, I appreciated them.

What’s the difference between these two examples? A HIPAA mindset. A mindset that elevates customer service and translates into patient satisfaction.

The greenhouse effect

In March, I had the pleasure of speaking about HIPAA and social media at the National Association of Rural Health Center’s annual conference in San Antonio. A woman in the second row shared a conversation she had with a patient of the Rural Health Center where she works. This woman was careful not to mention any PHI when talking to the patient. But, she mentioned the patient’s greenhouse. When she hung up the phone, another patient in the lobby said: “I know who that patient is – she has the best greenhouse in town!”

Who would have thought that a patient could be identified by a greenhouse? That’s unexpected. The woman who shared this story has a HIPAA mindset. First of all, she recognized this as a potential HIPAA privacy concern right away. Secondly, she immediately began contemplating: What exactly is PHI? What can we do better to protect it? This approach constantly evolves practices in a way that puts patient privacy first.

Moving toward a HIPAA mindset

For many healthcare employees, HIPAA is very important. But, it’s not our first job. Our first job is treating patients, processing claims, making appointments, etc. But all of these jobs can be performed better with a HIPAA mindset.

How can we elevate our respect for patient privacy? Brainstorm with your team. How could PHI come up unexpectedly? How has PHI come up unexpectedly for staff members? How can we be on the lookout for PHI? How can we use our conversations to show patients respect? Lots of people will have stories to tell, and solutions to share. Use the secret shopper approach: have someone with a HIPAA mindset actually experience every procedure where information is exchanged between patient and institution; critique and reform.

In the future, when it is time to upgrade your space, if HIPAA is a mindset, it will be incorporated into your design. How can your design maximize privacy? What changes would you make to the nurses’ station? The reception desk? The waiting room? Where the fax machine is kept?

With a HIPAA mindset, you, too, can elevate patient care.


  1. Great article, who would have thought a seemingly anonymous comment could reveal PHI? It truly needs to be a mindset; thanks for the insight and reminder!

  2. Very relevant observations. I hope you shared your concerns with the doctor’s office. Sometimes people need reminding to evaluate the practices that they have ascribed to for many years and look at those practices with fresh eyes. Your decision to go to a different doctor should speak volumes to them. Chances are many other patients have noticed this and not said anything. Great article.

    • Theresa, great suggestion – we have hotlines and do everything we can to encourage our staff to report compliance problems, but now I am imagining what providers can learn from customers who leave. I think a follow up conversation with the doctor’s office is fair – as well as an update to the physician who referred me. Thanks for your comment!

  3. Thanks for sharing this experience. I also look for HIPAA mindset when I go to a healthcare provider. It matters!

  4. Thank you for sharing this important information. I am thankful that someone spoke out about this. This is ethical for everyone should be protected by law.

  5. I have found recently that on a number of occasions (different doctors for different reasons) I have been left to wait for a doctor in their office with the computer screen on and fully visible. I did smile once to know that I was the youngest person on the list that one of them was seeing. To me it is an extreme breach of privacy and something I point out to them then and there.

    Your article is a good reminder of our need to speak up. Thank you.

Comments are closed.