Since its debut in 1996, the Health Insurance Portability and Accountability Act has served to streamline the process of patient health insurance transfers between providers, as well the movement of personal health records among physicians. The bill has also addressed issues pertaining to patient confidentiality. With the rise of digital platforms, such as electronic health records, the primary focus of HIPAA has shifted toward protecting patient confidentiality, given the increased number of security threats that are associated with electronic data storage, Medical Economics detailed.
Since 2009 especially, after the introduction of the Health Information Technology for Economic and Clinical Health Act, the Department of Health and Human Services, in collaboration with the Office of Civil Rights, has actively scrutinized healthcare providers to ensure that they are complying with the mandates. The organizations are also permitted to impose hefty financial penalties on providers that are found guilty of any violations, Medical Economics noted. Furthermore, according to Dentistry IQ, 2016 will witness a notable increase in the number of HIPAA compliance audits from the DHS, after the body announced that they would be paying even closer attention to the privacy rule.
A HIPAA violation fine can be damaging, not only to providers' finances, but also to the reputations they carry. The most effective way to escape being hit with a penalty is to avoid committing an infraction in the first place. Below is a list of six useful tips to help healthcare providers stay on the right side of HIPAA:
1. Use protective software
This is an obvious first step, but it bears repeating. All computers within a providers office must have protective software, such as firewalls, to curtail the risk of a cyber attack. More significantly, personal health records should be safeguarded by encryption software, Medical Economics argued. The software is relatively inexpensive, easy to utilize and highly capable of protecting valuable information.
2. Have clear guidelines in place
It's important to create office-wide guidelines concerning HIPAA compliance, and it's absolutely imperative that the information is relayed to staff in a clear, concise and accessible way. According to Dentistry IQ, the framework should include instructions about how to proceed after a violation has taken place and the appropriate penalties that will be handed down.
3. Hold educational seminars
Given the exhaustive nature of HIPAA rules, staff confusion about compliance procedure is common. The best way to remedy any misunderstanding is to hold routine training seminars concerning best practice procedures for HIPAA compliance. Dentistry IQ suggested that practices have staff members sign an agreement that states that they will obey HIPAA after they have completed the required training.
4. Never leave a computer unattended
This is a common sense rule applicable to employees at all levels - from executive management to nurses to receptionists. If it's necessary to leave a computer unattended, then it's imperative that the user logs out of her personal profile beforehand. This is one of the most common policies found in virtually every hospital, and for good reason. In a similar vein, workers should never share their log in credentials, including user name and password, with anyone else, The Health Law Firm asserted.
5. Consider hiring a privacy officer
According to Dentistry IQ, a prudent move for larger healthcare organizations is to hire a privacy officer that focuses exclusively on managing HIPAA compliance efforts. Having an assigned officer to work on the issue will further curtail the risk of violations occurring, as well as reduce stress for overworked administrators dealing with other concerns.
6. Ban selfies?
It may be surprising to learn that photographs taken in areas where patients congregate - such as physicians offices and clinics - could actually end up violating HIPAA. As Dentistry IQ elaborated, it's possible that a photograph, taken either by a patient or staff member, could inadvertently feature other individuals in the background. Should the photo then surface on social media sites, for example, the unsuspecting patient's privacy will be undermined and HIPAA violated. While complaints about this kind of HIPAA transgression are rare, it's important for healthcare organizations to proceed with caution. A complete ban on picture taking or video recording on cell phones is therefore advisable for clinics and hospitals.