Everyone knows that HIPAA is an important part of the modern healthcare system, but not everyone understands the impact that violating HIPAA regulations can have. Willfully, or even accidentally, disclosing sensitive patient information can have serious repercussions. Fines from $50,000 to over $1 million can be, and have been, levied against those who’ve violated these important regulations. In some cases, individuals who knowingly broke the rules received jail time for their indiscretions. Keeping your staff compliant with HIPAA requires vigilance and diligence. Here are three important keys to staying compliant with HIPAA regulations:
- Protect conversations. Any conversation about a patient should take place in the privacy of an office or away from exam rooms and waiting areas. It’s easy to reveal protected information casually in conversation, or to mention a specific piece of information at the front desk where other waiting patients may hear. It’s also important to be sure that charts left in hallway holders do not expose any information to people who may walk past. Remind staff to protect files, phone conversations, and discussions with other staff from those who should not hear or see them. Consider using HIPAA-compliant methods of communicating, such as patient portals, for delivering test results, x-rays, or messages between the physician and the patient.
- Trash Disposal. Personal health information is NEVER to be discarded in the trash. Even something as simple as a sticky note with test results must be properly discarded. Many hospitals and large practice groups have shredding services that pick up sensitive information from a secured box and ensure that the contents are thoroughly destroyed. An inexpensive HIPAA-compliant shredder from your local office supply store can be a suitable method as well. Records can be digitally stored for added protection. Documents that are stored digitally should be protected with SSL encryption. When files are no longer needed, they can be easily and permanently deleted.
- Patient Lists. Many marketers want to offer your patients a variety of discounts, services, or other enticements, and they are willing to pay you to get access to your patient base. However, HIPAA very clearly states that selling patient information is a violation of their right to privacy. No matter how tempting the offer may be or how much money you might be offered, this one is an absolute no-no.
When it comes to HIPAA, erring on the side of caution is always your best bet. The risk of penalty is far bigger than any possible reward.