Find-A-Code Focus Newsletter

From NAMAS: Is Your Patient PHI Fully Protected?

February 19, 2016
As you probably know, HIPAA stands for the Health Insurance Portability and Accountability Act. This means that as healthcare professionals, we must hold ourselves accountable when handling patient information. This goes beyond having conversations with unauthorized people about what we see or hear in the office. Unlike OSHA, patients, employees, visitors, employers, etc. can be fined if they break HIPAA laws. A serious breach could cost someone up to $1.5 million for one violation. Because of this, steps must be taken to ensure that patient information stays safe while it's in our possession. Patient information can reach us in various forms, including electronic, written and even verbal. Are you and your office taking the necessary precautions for your protected health information (PHI)?

To Ensure Your Compliance:
  • Be sure that your office HIPAA policy and procedure manual is up to date and that all forms are in compliance.
  • Compile an inventory of data hardware and software that is accessible in your office. A list of all equipment that has the ability to store information should be kept and updated as needed. Also, keep software stored safely away from anyone who could possibly tamper with it. This way, in the event anything is stolen or destroyed, you will have a record of it.
  • Perform and document updates on hardware and software. Each time updates are completed on a computer, there should be a written acknowledgement. Servers that are on your property should be locked up at all times to minimize access by unauthorized persons.
  • If you use an electronic medical record program, collect access logs, including unsuccessful login attempts. Be sure that your program has a way to identify who has been accessing electronic charts and if the access was for work purposes only. Some attempts may be made by an outside source to gain access to the office's records, which is why unsuccessful logins should be recorded.
  • If office employees have access to use the internet, restrictions should be made to limit access to websites used for work purposes only.
  • Prepare a contingency plan. Test it and revise it as needed. Your plan should be kept on hand in the event of an audit.
  • Have a safe place to store data so that it is retrievable in the event of a disaster. Some servers are maintained offsite by a hosting company.
  • Keep PHI discussions among employees to a minimum. Employees should be aware of their surroundings and keep their voices low and conversations to the point. Music or television can be used to help prevent eavesdropping.

 

Whether your office is old or new, concessions can be made to ensure that the office is HIPAA friendly:

1. Always escort patients and visitors from the waiting room and through the clinical area.

2. Keep doors closed at all times between the lobby and the clinical area, as well as when patients are in exam rooms.

3. If nurses' stations are close to patient areas, make phone calls about appointments and test results elsewhere if you can be overheard.

4. Music or television in quiet areas can prevent eavesdropping where PHI might be overheard.

5. Install privacy screens on computers that are visible to patients. Be sure to log out or lock your computer if leaving the room.

6. Closed windows are best at check-in and check-out areas to ensure privacy. If either area is crowded with patients, ask additional patients to have a seat and let them know they will be seen shortly.

Erring on the side of caution is always best when it comes to patient information. A medical office can be a very busy place, but we cannot allow ourselves to be careless. If someone were to complain, it is likely that it will not be the patient that you are speaking with, but the person who accidentally heard the conversation or received your email or fax by accident.

This Week's Tip Provided By:
Kelly Ogle, BSDH, MIOP, CHOP, CMPM  
Kelly is an OSHA/HIPAA Specialist for our parent organization, DoctorsManagement, LLC

Get more information like this on the NAMAS website.
