Check These Ongoing HIPAA Responsibilities to Stay on Track


Keeping your patients’ information private is one of the most important ways to stay compliant at your medical practice, and requires more than just signing off on forms. It requires vigilance and commitment, and that means you may need to perform a few ongoing tasks to stay on track with HIPAA compliance.

As part two in our series offering HIPAA compliance checklists, read on to find out the responsibilities you should carry out on an ongoing basis to keep your patients’ information private.

Ensure Everyone Understands Who’s Leading the HIPAA Charge

Part of practicing HIPAA compliance means having someone who’s leading the efforts at your practice. Serving in this leadership role is a daily responsibility. It may mean answering patient questions about privacy, providing tips to clinicians about how to make private phone calls about patients, or rewriting contracts with vendors to incorporate privacy provisions. The reality is that you must ensure that everyone at your practice understands that you’re taking your leadership role seriously and that everyone knows to come to you for guidance.

Track Compliance, Sanctions

Your practice’s HIPAA contact must ensure compliance with privacy practices and consistently apply sanctions when violations happen. Keep a log of any breaches, no matter how small, so you can use them for training purposes later. Even a misrouted fax or a chart left in an exam room can be a teachable moment, so track everything you see.

Handle Investigations

Whether a patient complains about their privacy being breached or an employee leaves an anonymous note on your desk about a HIPAA violation, you must handle investigations and make them part of your routine. You should also disseminate information about every breach you identify as part of your investigation work.

Confirm Patient Access to Medical Records

Patients have a right to access their medical records under HIPAA, so you should always confirm that this right is being honored and that you aren’t overcharging for medical record copies.

Follow up With Vendors, IT Contacts

Your business associates must all comply with the patient privacy laws to keep patient records safe, so you should be monitoring these relationships every day. The same is true for any IT contacts, whether inside your practice or outside of it. If an internet, phone or computer security breach were to occur, your patient information would be severely compromised, so you must be monitoring the state of your security every single day.

Consider These Examples

Ongoing HIPAA compliance monitoring won’t necessarily be a full-time job. It just means you should be checking in on these factors every day. For instance, through the course of your day, you might encounter the following HIPAA items and you’ll need to check in on them.

10:04 a.m.: Upon walking through the crowded waiting room, you hear your receptionist calling from her desk, asking a patient who’s seated, “Mrs. Smith, why are you being seen today? The answer will guide which forms I have you complete.” You take the receptionist aside and let her know that the patient should not have to reveal her medical information in a room full of strangers.

11:30 a.m.: You get an email notification saying that your nurse’s EHR password was included in a list of compromised passwords online. You reach out to the nurse and ask her to change it immediately.

12:14 p.m.: You see that a doctor has left a patient record on the monitor in an exam room, despite the fact that a different patient is being seen in that room. You talk to the doctor about accessing patient records privately and only displaying them on public monitors when the patient in question is in the room.

3:30 p.m.: You talk to a patient who is upset that she ordered her medical records two months ago and never got them. You follow up with the team member who was supposed to provide her with her records and then ensure that you get the records to the patient that day and apologize.

As you can see, these responsibilities aren’t overwhelming, but performing them is an essential piece in the puzzle of HIPAA compliance.

Seeking additional HIPAA advice? Check out the online training session, “Comply With HIPAA Compliance Officer Practice Mandates.” During this 60-minute webinar, privacy expert Jay Hodes will walk you through every aspect of HIPAA compliance, so you leave nothing to chance.

