You may think that you are compliant with current HIPAA privacy policies – but are you? Many times physician offices, pharmacies and health clinics are violating HIPAA privacy without even knowing it.
Don’t ever have a bulletin board or anything else welcoming new patients by name. This is personally identifiable information that is protected under HIPAA privacy compliance. Some offices like to do this, thinking it’s a warm way to greet new patients, but it’s not. This information may not be shared without prior authorization from the patient.
In many physicians’ offices and health care facilities, patients are called up in the waiting room by their full names in front of everyone. Using first or last names only is the recommended practice to help preserve the patient’s privacy.
During check-in at offices and pharmacies, some require you to speak your full name, address, date of birth, current insurance, etc. – in the middle of the waiting room, surrounded by people. This is highly sensitive information which could be used for identity theft. Waiting patients should be far enough away from the check-in area that they cannot overhear these types of conversations. Consider asking if anything has changed, or ask the patient to review a printout or computer screen for the information and make any necessary changes. HIPAA privacy does include any information spoken as well as written or stored electronically.
Never ever leave potential PHI out where anyone could possibly see it. Keep out of plain view any charts that identify a patient’s name, address and other information without the need to even open the file.
Do you utilize sign-in sheets for check-in? Do you make sure that the previous person’s name is removed or crossed off before the next patient can sign in? If not, you may be violating HIPAA privacy again.
Did something funny happen in the office today? Do you want to share it on social media? Just don’t do it. Sharing any information or photographs that could possibly identify someone is, again, a HIPAA privacy violation. Make sure that all your staff are aware of this as well, and make sure that you have strict guidelines and policies in place to handle such incidents.
These are just some of the most commonly seen HIPAA privacy violations. You should make sure that you have privacy policies in place, that employees are trained in the importance of patients’ rights to privacy, and that you regularly review and re-train. For more information on the HIPAA privacy rules, you can visit the HHS website at https://www.hhs.gov/hipaa/for-professionals/privacy/index.html