Provide an up-to-date training program on the handling of PHI for employees performing health plan administrative functions.
Make sure not to share sensitive PHI with others who shouldn’t have access, including co-workers or personal acquaintances.
Avoid accessing a patient’s record unless needed for work or with written permission from the patient.
Minimize occurrences of others overhearing patient information. Do not use a patient’s whole name within hearing distance of others.
Secure all paperwork containing PHI by placing in a drawer or folder when not in use. Cover charts so patient names are not visible. Never leave records and other PHI unattended.
Close computer programs containing patient information when not in use. Practice management systems with automatic time out settings can be valuable in this regard.
Limit e-mail transmissions of PHI to only those circumstances when the information cannot be sent another way.
Always use a cover sheet when faxing PHI.
Back up all disks that contain PHI. Storing your patients’ information in a HIPAA compliant cloud server is safer than using a localized server or paper documents, according to recent findings from the US Department of Health and Human Services.
Assign different levels of security clearance to specific people. Role-based security prevents employees from accidentally changing or seeing information that does not pertain to their specific duties.
Never share passwords between staff members. The HIPAA champion should assign passwords to all employees who are allowed access to PHI. Single sign-on PM systems use voice recognition or fingerprint detection along with user specific passwords to secure logins.Properly dispose of information containing PHI by shredding paper files.
Make sure computers have updated anti-virus scanning software installed. This guarantees your practice is reasonably guarded against malicious software.
It’s also important to make sure any vendors or other businesses associated with your practice are properly following HIPAA standards as well.