what is hipaa?
Health clinics are not generally the most tranquil of places. Phones ring; nurses dash to and fro with patients doggedly trailing behind; physicians pop into exam rooms; and about a hundred other things seem to occur simultaneously. In such a fast-paced, demanding environment patient privacy concerns may seem to fall to the wayside. But if you own or work at a clinic, you know how important it is to maintain a high standard for client privacy in the face of the Health Insurance Portability and Accountability Act (HIPAA).
Mistake: Breaching privacy through office chatter
Prevent It: A doctor and a nurse stand in the hallway discussing a patient’s condition. They identify the patient by name and describe her medical situation. They may think they are having a completely justifiable discussion concerning the treatment of a patient, but they’ve just violated HIPAA standards. Healthcare professionals as well as all clinic staff need to be careful about what medical information they share verbally. If other patients or unauthorized employees overhear, the clinic could be fined anywhere from $100 to $1,000. A good rule of thumb is to never say anything that could potentially identify an individual patient unless you are consulting with them alone behind closed doors.
Mistake: Sending private information by email
Prevent It: A clinic staff member may send confidential patient information by email when they believe the patient is the recipient. But there is no guarantee that the patient alone will read the email on the other end. Any medical records or information sent through email should therefore be password protected and encrypted to protect unauthorized parties from viewing it.
Mistake: Accessing information with no valid reason
Prevent It: Unless a health professional is directly responsible for the care and treatment of a patient, they are not privy to that patient’s medical information. A physician may request to review the chart of a friend, neighbor, or acquaintance who was admitted to the clinic. Such a request, if carried through, is a direct violation of HIPAA. Health professionals must have a valid reason to access confidential medical information; simply knowing the patient is not a valid reason.
Mistake: Floating patient charts and non-compliant papers
Prevent It: Since patient charts contain medical information that is protected under HIPAA, they should never be treated as just another file. Leaving a chart behind in an exam room where another patient will enter is a major infringement of patient privacy. A patient’s chart should mirror their movements through the clinic to ensure that it never falls into unauthorized hands.
Clinics should also review all of their patient papers, including patient check-in forms to identify and eliminate any non-compliant forms they may be utilizing. Implementing electronic patient check-in procedures can help safeguard patient privacy because it helps eliminate all potentially non-compliant forms. In addition, using a real-time locating system (RTLS) for patient tracking can help enormously in maintaining HIPAA compliance. RTLS allows clinic staff to visualize which exams rooms are available, which patients are occupying which rooms, and who still needs to see the patient. This level of patient tracking eliminates the need for clinic staff to constantly discuss where patients are, what test they need done, what physician is treating them, and other medical information that should be kept confidential.
The hustle and bustle of a health clinic may be overwhelming at times, but it should never overshadow the need to keep medical information private. Your clinic will suffer financial losses if it fails to respect patient privacy.