The HIPAA law to protect patient health information is quite well known by personnel in most physician offices. There still remain, however, some questions regarding HIPAA’s rules and regulations. Providers who are not up to date with changes in the law risk potential violation that could not only damage a practice’s reputation but cause criminal and civil fines. There are a plethora of practices to avoid in order to run a compliant and successful business such as social breaches. An accidental breach of patient information in a social situation is quite common, especially in smaller more rural areas. Most patients are not aware of HIPAA laws and may make an innocent inquiry to the healthcare provider or clinician at a social setting about their friend who is a patient. It is best to have an appropriate response planned well in advance to reduce the potential of accidentally releasing private patient information. As a former Patient Account Rep, I recall processing payments for patients. When a third party called to request Medical or Business information, I’d have to let the person know that in order to discuss further business matters, the patient would need to authorize them. Also, documents such as Power of Attorney help confirm.
Another very common HIPAA violation is the mishandling of patient records. If a practice uses written patient charts or records, a physician or nurse may accidentally leave a chart in the patient’s exam room available for another patient to see. Printed medical records must be kept locked away and safe out of the public’s view. This should be common sense but every detail must be enforced. HealthCare Revenue Services help the physician offices grow and provide more revenue and one aspect to the company is our technology. We provide ipads in each holding room for patients to log in their own family history and background. While we are mindful this saves time, we are also mindful that patients cannot take the ipad or enter any information for any other patient. A small breach of security could be the catastrophe of the next individual.
Next, of course we can’t forget social media, or as I’d like to call it, everyone’s home. So much of us live on social media but imagine taking a simple picture at your office desk with the computer screen or documents exposed ? Posting patient photos on social media is a HIPAA violation. While it may seem harmless if a name is not mentioned, someone may recognize the patient and know the doctor’s specialty, which is a breach of the patient’s privacy. Make sure all employees are aware that the use of social media to share patient information is considered a violation of HIPAA law.
Also, make sure your computer and laptop are password protected and keep all mobile devices out of sight to reduce the risk of patient information being accessed or stolen. Most physicians and employees use laptops containing Medical information so even when leaving the office, be aware on security breaches. Again, one of the most common reasons for a HIPAA violation is an employee who is not familiar with HIPAA regulations. Often only managers, administration, and medical staff receive training although HIPAA law requires all employees, volunteers, interns and anyone with access to patient information to be trained. Compliance training is one of the most proactive and easiest ways to avoid a violation. Last but not least, a major HIPPA violation employees do is discuss the medical information of patient’s thinking that because it’s a work environment that it’s okay when is it still indeed, a violation.