- Provide an up-to-date training program on the handling of PHI for employees performing health plan administrative functions.
- Make sure not to share sensitive PHI with others who shouldn’t have access, including co-workers or personal acquaintances.
- Avoid accessing a patient’s record unless needed for work or with written permission from the patient.
- Minimize occurrences of others overhearing patient information. Do not use a patient’s whole name within hearing distance of others.
- Secure all paperwork containing PHI by placing it in a drawer or folder when not in use. Cover charts so patient names are not visible. Never leave records and other PHI unattended.
- Close computer programs containing patient information when not in use. Practice management systems with automatic time-out settings can be valuable in this regard.
- Limit e-mail transmissions of PHI to only those circumstances when the information cannot be sent another way.
- Always use a cover sheet when faxing PHI.
- Back up all disks that contain PHI. Storing your patients’ information in a HIPAA-compliant cloud server is safer than using a localized server or paper documents, according to recent findings from the US Department of Health and Human Services.
- Assign different levels of security clearance to specific people. Role-based security prevents employees from accidentally changing or seeing information that does not pertain to their specific duties.
- Never share passwords between staff members. The HIPAA champion should assign passwords to all employees who are allowed access to PHI. Single sign-on PM systems use voice recognition or fingerprint detection along with user-specific passwords to secure logins.
- Properly dispose of information containing PHI by shredding paper files.
- Make sure computers have updated anti-virus scanning software installed. This guarantees your practice is reasonably guarded against malicious software.
- It’s also important to make sure any vendors or other businesses associated with your practice are properly following HIPAA standards as well.