What does HIPAA mean by "reasonable privacy safeguards" in oral communication?


For almost 10 years after HIPAA (Health Insurance Portability and Accountability Act) went into effect, architects, engineers and healthcare planners had little guidance on speech privacy.  HIPAA requires "reasonable safeguards" to protect private information, but there were no industry standards that defined what this meant. Professionals used their best judgment to determine what constituted appropriate privacy for information transmitted orally between doctors and nurses, nurses and patients, pharmacists and customers, but they had no assurance that this would be acceptable if challenged in litigation.

In 2006, the Acoustical Society of America (ASA) Joint Subcommittee on Speech Privacy published the Interim Sound and Vibration Design Guidelines for Hospital and Healthcare Facilities (2006).  The guidelines were soon incorporated into the Green Guide for Health Care (GGHC) and then then into LEED for Healthcare by USGBC.  Finally, the 2010 revision of the Facilities Guidelines Institute (FGI) Guidelines for Design And Construction of Healthcare Facilities added the criteria for speech privacy.  The FGI Guidelines for Design And Construction of Healthcare Facilities provide an industry standard and strong basis for what is required to provide reasonable safeguards of private medical information.

The FGI Guidelines give objective design criteria.  Speech privacy can be predicted during design or measured in place.  For more detail, see Sound & Vibration Design Guidelines for Health Care Facilities (January 10, 2010), which is the sole Reference Standard for the FGI Guidelines and LEED for Healthcare.  The 2014 FGI Guidelines will further improve the acoustic guidelines.