Is your physician office practicing these HIPAA compliance tips?

April 3, 2018

  • Provide an up-to-date training program on the handling of PHI for employees performing health plan administrative functions.
  • Make sure not to share sensitive PHI with others who shouldn’t have access, including co-workers or personal acquaintances.
  • Avoid accessing a patient’s record unless needed for work or with written permission from the patient.
  • Minimize occurrences of others overhearing patient information. Do not use a patient’s whole name within hearing distance of others.
  • Secure all paperwork containing PHI by placing in a drawer or folder when not in use. Cover charts so patient names are not visible. Never leave records and other PHI unattended.
  • Close computer programs containing patient information when not in use. Practice management systems with automatic time out settings can be valuable in this regard.
  • Limit e-mail transmissions of PHI to only those circumstances when the information cannot be sent another way.
  • Always use a cover sheet when faxing PHI.
  • Back up all disks that contain PHI. Storing your patients’ information in a HIPAA compliant cloud server is safer than using a localized server or paper documents, according to recent findings from the US Department of Health and Human Services.
  • Assign different levels of security clearance to specific people. Role-based security prevents employees from accidentally changing or seeing information that does not pertain to their specific duties.
  • Never share passwords between staff members. The HIPAA champion should assign passwords to all employees who are allowed access to PHI. Single sign-on PM systems use voice recognition or fingerprint detection along with user specific passwords to secure logins.Properly dispose of information containing PHI by shredding paper files.
  • Make sure computers have updated anti-virus scanning software installed. This guarantees your practice is reasonably guarded against malicious software.
  • It’s also important to make sure any vendors or other businesses associated with your practice are properly following HIPAA standards as well.

Previous post:

Next post: