Working in health care can be a challenging yet rewarding experience. For one thing, you and your employees get to interact with an interesting cross-section of patients, and you can enjoy a great deal of satisfaction from knowing you are providing for their health care needs.
However, there is a legal aspect of the provider-patient relationship that poses a potential risk. Under the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA), patient information must be held in the strictest confidence. Patient files and information cannot be sent and shared over the internet without certain precautions.
This means that one slip-up by a member of your staff – however unintentional – could result in a HIPAA violation, costing your organization a severe fine and penalties. It can also harm your practice’s reputation.
Preventing HIPAA Violations
To avoid such an occurrence and ensure your practice’s HIPAA compliance, follow these measures:
1. Educate and Update Staff on HIPAA Rule Changes
The scope of these provisions has expanded in recent years, so it may be time for you to review the rules with your new and long-term staff members – especially as the rules relate to each employee’s job description.
2. Control Your Practice’s Mobile Devices
While it may be convenient to download or send messages from tablets or phones, if the device is not on a secure connection, you are in violation of HIPAA rules. In addition, the device needs to be protected with a password or a PIN.
To be safe, never download or store patient information or records on any of these devices. Keep all information and records on the practice’s secure computers only.
3. Use Firewalls, Encryption, and Authentication on All Devices
In case a work device is ever lost or stolen, use software programs that can remotely lock or wipe the device (i.e., reset to factory defaults, erasing all apps and data). Stress the importance of maintaining possession of devices to the employees who use these devices, and keep the encryptions and firewalls up-to-date.
4. Properly Store All Patient Files
Misfiling a patient’s paperwork or saving it on the wrong computer drive can be a costly mistake. Remind your employees who deal with patient files to always double-check that files are being saved in the right folders and drives.
5. Safely Dispose of Paper Files
It is imperative that your employees shred paper documents when they are no longer needed. This is particularly true of paperwork from new patients, who fill out information on paper with their Social Security numbers and health history.
6. Keep Patient Information Out of Visibility
Keep all computer monitors and mobile device screens hidden from view of patients and visitors. Also, do not leave patient folders open on desks, and do not openly display appointment calendars in patient areas.
7. Do Not Use Detailed Patient Sign-In Sheets
A sign-in sheet at the front desk that displays the reason for the appointment, medical problem, and/or insurance information is a clear violation of the HIPAA Privacy Rule. If you must have patients sign in, the only information on the sheet that is HIPAA-compliant is name, date, arrival time, appointment time, and the name of the medical practitioner the patient is there to see.
8. Do Not Allow Staff to Use Social Media in the Workplace
Candid photos that are shared on social networks could inadvertently display patients in the background or documents that can be enlarged, thus revealing private information.
Medical Practice Assessment Experts
If you are concerned about your practice’s HIPAA compliance, enlist an expert to conduct a HIPAA compliance assessment. ProMD Practice Management is fully knowledgeable in the laws, rules, and requirements of running a secure and compliant medical practice, and we would be happy to work with you to ensure compliance on all fronts.
Call us today at (844) 236-5488 or fill out our online contact form. Let us help you make your medical practice run more efficiently while adhering to all legal requirements.