Believe it or not, most HIPAA violations occur by accident, due to simple human errors—but that doesn’t mean they don’t qualify as violations. You could be fined if your practice lets a patient’s protected health information (PHI) fall into the wrong hands, whether your staff member did it deliberately or not.
To reduce your practice’s HIPAA violations and avoid accusations and fines, check out five of the most common risk areas at your front desk, along with tips on how to sidestep these problems in the future.
1. Inadvertently Posting PHI on Social Media
Most practices think they’re in the clear from this potential violation, reasoning that they would never post a patient’s medical records or diagnoses on social media. However, it’s a lot easier to make a mistake on this front than you may think.
For instance, suppose you recently remodeled your waiting room and want to share a photo on social media, but the photo shows patients in the background. In this case, you’ve revealed their identities to all of your followers on social media, which would likely be considered a HIPAA violation.
2. Employees Illegally Accessing PHI
Remember that employees should only be accessing the minimum information necessary to do their jobs—they should never be looking at protected health information out of curiosity.
For example, if you work at a medical practice where your husband’s sister is a patient, it’s a violation to look at her record to find out what she’s been discussing with her doctor unless you’re required to do so to appropriately care for the patient.
3. Requesting Too Much Information on Patient Sign-in Sheets
Your patient sign-in sheets should only contain the minimum amount of information necessary to process patients into your practice. Or, as the government says, they must be “appropriately limited.” Asking patients to fill in extensive details could put you at risk of violations.
For instance, if you need the patient’s name and their time of arrival, that may be considered appropriate for your practice. However, asking the patient to write down the reason for their visit, their last menstrual period or any other detailed information could violate HIPAA.
4. Failing to Check for Signed Release Forms
Any time you’re releasing PHI, you must double check that you have a signed release of information on file and that you’re sharing information that the patient has permitted, to a party that the patient has authorized.
For example, suppose your practice gets a call from a camp administrator, who says that the patient can’t be admitted to camp because she forgot to bring her medical release form. The administrator asks you to fax it there. If you don’t have a release saying you can share that form with the camp, you cannot send it.
5. Emailing or Faxing PHI Without Protection
Protected health information is often misrouted by well-meaning practices who send unencrypted emails, or who send faxes to the wrong phone number. Both of these methods can easily cause PHI to fall into the wrong hands, so they require extra care.
In addition, hackers can easily access emails that aren’t secure, so you shouldn’t send anything to patients, other practices, or referring providers without securing your system first. Plus, outgoing faxes can be forgotten on the fax machine, allowing anyone who walks by to see them.
Take These Steps to Fix Your HIPAA Problems
You can’t slack when it comes to HIPAA compliance. Even if you think you aren’t likely to fall victim to HIPAA violations, it’s a good idea to assess your risk by practicing a few simple strategies.
- Stand where patients stand and see what you can see
- Walk the same path a patient does to observe what they may come across
- Don’t post passwords on sticky notes
- Don’t leave patient paperwork on the desk right side up
- Don’t leave keys to a filling cabinet within reach of others
If you see issues during this assessment, it may be a good idea to reach out to a healthcare attorney or compliance consultant to help you mitigate risk going forward.
You’ll need a lot more help if you want to prevent all of the potential HIPAA issues that could damage your practice. Fortunately, Tracy Bird, FACMPE, CPC is here to help. During her one-hour online training, Head Off HIPAA Front Desk Nightmares, Tracy will provide you with the step-by-step strategies you’ll need to keep your practice compliant. Don’t wait – register today!
 |
Subscribe to Healthcare Practice Advisor |
| Get actionable advice to help improve your practice’s reimbursement, compliance, and success in this weekly eNewsletter. |
|
|
|