When local public health officials contacted Scripps Health on March 9 to tell them one of its patients tested positive for COVID-19, they gave Scripps the option to conceal or disclose the health system's identity during a press conference later that day.
San Diego, Calif.-based Scripps opted to reveal its name, but asked to delay the press conference until the next morning so executives could tell the employees and vet their message. Sixty people would ultimately go into quarantine, said Chris Van Gorder, president and CEO of Scripps.
"Our employees will talk, so the idea of keeping it confidential is a bit silly," he said. "What we wanted to do is manage the message. We worked through the night to make the appropriate notifications."
That involved relaying information to the Scripps Green Hospital's internal emergency command center as well as Scripps' centralized command center, the marketing team to ensure the information was accessible, physicians to make sure it was accurate, and the legal team to ensure it complied with privacy laws.
"We try to be really up front about it and pretty transparent, but also cautious when it comes to patient information," said Van Gorder, adding that there was a delicate balance between being informative and over-communicating. "Crisis communication is incredibly important now."
Scripps gives daily updates to its employees and answers their questions through hotlines and portals related to visitation access, supply levels and other topics. It put together videos for employees about how to properly take protective gear on and off. It also set up hotlines and videos for the public, relaying that patients should call them if they think they have the virus so they can meet them outside.
Executives are constantly on the phone with the county health department to interpret new Center for Disease Control and Prevention guidelines. Everything is coordinated with operations administrators and the centralized command center, Van Gorder said.
"We want to make sure the policies we have established have a trail of approval from the right sources to defend our actions," he said.
Hospital responses to the pandemic have varied. While some are actively communicating and being transparent, others are declining to publicly disclose if one of their patients has COVID-19 to minimize liability.
Hospitals weigh these decisions as they toe a fine line between disclosing accurate information, complying with privacy laws and not inciting fear.
"There is a major lack of preparedness for something of this scale," said Joe Grace, a partner at Chief Outsiders, a healthcare marketing-oriented consultancy.
The first U.S. patient with COVID-19 sought medical care at Providence Regional Medical Center Everett (Wash.) in February.
But Providence hasn't necessarily been promoting the number of cases of COVID-19 as the Renton, Wash.-based system takes a more conservative approach to patient privacy, said Melissa Tizon, the health system's associate vice president of national communication.
"We are being very cautious about that," she said. "But we are taking the lead for our local public health authorities."
Providence launched a chatbot that screens patients and expanded its telemedicine offerings, Tizon added. It sent out a letter to its patients to ensure they have the most accurate information and resources, reminding them to call ahead before coming into the facility.
Providence put on a webinar to share best practices with other health systems.
"It could be just a matter of time before other communities have to be prepared for this," Tizon said.
As long as hospitals are releasing de-identified patient data, they should be compliant with the Health Insurance Portability and Accountability Act, said Valerie Breslin Montague, a partner at the law firm Nixon Peabody. If the hospital receives an inquiry from the press who relays a specific name, that is where hospitals have to be more careful, she said.
"I recommend that whomever is responding to inquiries is appropriately trained on what they can or cannot say, especially when it comes to social media," Montague said. "Hospitals can do a lot of reputational harm if they improperly reveal the identity of a patient who has the virus."
Penalties range from $100 to $50,000 for each HIPAA violation, up to $1.5 million a year. But the biggest risk is if the government subsequently investigates and exposes other issues, she said.
There were two COVID-19 cases announced Wednesday in Michigan that revealed the counties they were located in, said Debra Cooper, a senior risk management specialist at Coverys, a medical professional liability insurer.
"It's a slippery slope—if you let people know where the cases are, they may be more cautious and stay away from certain events," she said. "If you say nothing, they get a false sense of security."
More than 43% of 110 hospital and health system executives said the U.S. healthcare system wasn't prepared to handle COVID-19, according to a new survey from Advis. Less than 40% said it was; the rest "didn't know."
"It's not that they don't have infection-control policies or good communication plans, they don't know how to deal with this fear," Advis CEO Lyndean Brick said. "They are getting it from patients and staff alike and that complicates measures they have in place and creates uncertainty." The private sector has stepped up, she added.
Ninety-three percent of 247 emergency physicians surveyed by the American College of Emergency Physicians in 2018 said their emergency departments are not fully prepared for surge capacity during a disaster. About three-quarters indicated they don't always have access to real-time data.
"They have been quiet and caught sleeping to some degree and this is a big wakeup call," Chief Outsiders' Grace said.
Providing the community education to combat disinformation ranked third as to what steps their organization has taken to prepare, with increasing infection-control training and evaluating supply-chain contingencies topping their list, according to the Advis survey. Only about a quarter of respondents said their company has expanded telehealth.
Disruption of drugs and supplies was their top concern. The vast majority of executives said the government should try to ensure that public communication is directed by clinical experts, the survey found.
About three-quarters of executives said the government should coordinate, fund and increase staffing in hotspots. Executives also said the government should support paid time off through direct funding and expand telehealth reimbursement.
"Hospitals have been waiting for the government to lead the way and come up with the funds and plans to help them through this crisis, and that's probably a mistake," Grace said.
The more proactive hospitals have been restricting visitors and increasing telehealth capacity to minimize emergency department utilization. People need to know where to find accurate information, although extra effort is needed to reach those who don't have access to it, Cooper said.
"If someone doesn't know an answer to something, they make it up, and that creates fear," she said.
Internally, using experienced people in the command center is important, said Dr. Ghazala Sharieff, chief experience officer at Scripps Health.
"This helps prevent information from spreading that can cause more confusion," said Sharieff, adding that multidisciplinary teams huddle multiple times a day.
There's a concern that hospitals don't have enough beds, devices and supplies. But there has been minimal explanation from the majority of hospitals about where to go when someone is sick, who are most vulnerable and how they are coordinating with other healthcare providers, Grace said.
A lot is at stake, he said.
"There could be a complete loss of trust," Grace said. "They code lose donations from individuals and communities, be sanctioned by state and other authorities. Hospitals to a large degree are silent and it is staggering to me."
