Keeping your patient’s personal information confidential is an essential part of providing the very best medical care. Your patients expect that you'll keep their protected health information (PHI) private and confidential, and failure to guard it will make them question the quality of healthcare you provide.
We've all heard of HIPAA. The Health Insurance Portability and Accountability Act (HIPAA), requires strict patient confidentiality, and PHI violations can result in significant financial penalties as well as professional sanctions.
But do you and your staff really know all the ins-and-outs of HIPAA? Are you violating HIPAA without even realizing it? It can be hard to stay in compliance, especially with all the changes to practice software and tools.
Below are ten actions and situations that you may not realize are a violation of privacy according to HIPAA. Keep these actions in mind and review your office policies so that you’re in compliance and your patients’ information is secure.
1.Accessing patient records for former patients. who are no longer in your care because of concerns about what may have happened to them. This includes checking the medical records of a friend or co-worker because of concerns about their well-being.
2. Posting private patient information on social media sites, even if the post is done on a personal private Facebook page or Twitter account, or in response to a patient already posting something that breaks confidentiality. Don’t share or post photos of your paperwork or workload on your private social media site, as images can be enlarged to reveal personal health information on paperwork and documents. Don’t share or post photos of patients on your private social media site, even if the photos are taken during non-work hours.
3. Downloading protected health information to unsecured devices such as a cell phone, iPad or laptop in order to make the data more accessible for your job.
4. Accessing medical records to find an address, phone number or contact for personal reasons, such as social events like weddings, parties and other events.
5. Sharing login IDs or passwords, or leaving your computer unattended when logged into a system that contains protected health information.
6. Discussing private health information concerning a current client with their family members without being authorized to do so by the patient, or without knowledge that the individual meets the “involved in the patient’s care” standard.
7. Posting photos of patients or their names, addresses or towns on office walls, such as a “new patient welcome” on office bulletin boards. Patient information such as photos, names and addresses is protected health information under HIPAA, and can’t be shared in this manner without explicit patient authorization.
8. Calling patients in the waiting room by their first and last names in front of other patients or personnel. Instead, approach the patient directly or address them by either their first or last names.
9. Asking patients for personal information that other people may overhear, such as telephone numbers, addresses, birthdates or insurance details. This information is protected under HIPAA, and can be used for identity theft. Instead, ask the patient if anything has changed, or request that they review their private contact information on a computer screen.
10. Leaving patient’s charts or paperwork accessible to other patients on desks or computer screens.
While the privacy rules under HIPAA may seem cumbersome, it's incredibly important. Review your office policies and standards and evaluate your operations to make sure they are compliant. Do you have concerns about your office’s HIPAA compliance? We’d like to hear what situations you feel might unknowingly be compromising patient privacy.
Tell us about your HIPAA experiences in the comments!