This is the third in our series of posts outlining ways to make sure your caseworkers stay HIPAA compliant. Previously we talked about the training and the computer etiquette needed for being HIPAA compliant. Today we look at the things you need to do within your office environment to remain compliant.
When you have a client’s medical records, keeping them private is essential to ensuring you keep the trust of the people you work with. But breaking that trust has financial consequences as well.
If an employee commits a common HIPAA violation, even in the smallest way, that person and your organization could face crushing disciplinary action. And with fines ranging from $100 to over $1.5 million, it’s important your organization is more than just HIPAA compliant - it needs to be HIPAA vigilant. It all starts at the office with some basic common sense.
There are only two ways facilities keep a person’s health information: on paper or as electronic Protected Health Information (ePHI). Whether your organization uses paper or ePHI, make sure everyone at the office stays HIPAA compliant by following a few easy rules.
The best and easiest way to keep employees from the pitfalls paper presents is to simply switch over to electronic Protected Health Information (ePHI). Until then, be sure everyone in the organization remains HIPAA compliant with the following:
For your eyes only
The information we work with is private and personal and must remain so. That’s the whole reason HIPAA was enacted. And remaining HIPAA compliant means all paperwork must be visible to you and you only. Get in the habit of covering up, turning over or putting away any files, appointments, notes, etc.: anything which has your client’s name and medical information. Even if you get up to say hello or refill your coffee, don’t leave paperwork out in the open – a few seconds of attention can prevent a whole lot of problems.
At the home
When the workload gets to be too much at the office, it’s not uncommon to take work home. The rules at work are the rules at home. If friends stop by, be sure all paperwork is put away in a secure place. Not even your closest family members are allowed to see any client’s medical information; this includes your spouse or partner.
Be sure files are properly stored
Constantly remind anyone who deals with client medical or psychological files to concentrate on what they’re doing. Have them make absolutely sure they properly store and save files in the right folders and cabinets. Just one misplaced file or record can result in a costly mistake. A client’s personal paperwork is sensitive and keeping it in its proper place is paramount.
Destroy ALL paper files
A no-brainer, right? You would think. Yet it’s astonishing how many HIPAA cases occur every year simply because someone either forgot or chose not to properly destroy paper records. The best way to avoid this problem is shredding all documents. Make sure staff members double- and triple-check that they properly dispose of any and all paper files once they are no longer needed.
Since the implementation of electronic Protected Health Information (ePHI), much of a client’s information is stored electronically on computers, laptops, tablets and mobile phones. This has resulted in increased efficiency and convenience for caseworkers everywhere. It has also led to an entirely new set of potential pitfalls. Be sure everyone in your organization is aware of them and stays HIPAA compliant.
Your computer, your eyes
Just like paperwork, all information and data on your computer screen must be visible to only you. And just like paperwork, extreme care must be taken to be sure only you are seeing it. If you are not interacting with a file, close it or collapse it. Stepping away for just a moment? Make sure you are not leaving any private information visible on any of your screens where someone passing by could see it.
Electronic file usage
Sometimes it’s easier to misplace an electronic file than a paper one. Dragging a document accidentally into the wrong folder can cause hours of frustrating searching or the loss of vital information. At worst, the information can find its way into the public, resulting in severe fines and action.
Maintain possession of mobile devices
The most common HIPAA violation today occurs when mobile devices are lost or stolen. This puts patient information, and your organization, in jeopardy. Remind your people to be aware of where their mobile device is at all times. When not in use, devices need to be turned off and securely put away.
Encryption and firewalls
Set up encryption, firewalls and secure user authentication on every mobile device you and your organization have. Then make sure your employees and organization remain HIPAA compliant by enabling these security measures on each mobile device you have, including any you may lend for employee use.
Nothing opens an organization to HIPAA violations quite like social media. Facebook. Twitter. Instagram. SnapChat. You and your employees must be sensitive to anything they say, post or upload. The most minor posts, even without names, can result in enormous consequences. The best rule of thumb is what happens in the workplace, stays in the workplace. Even a personal blog must be absolutely void of anything about what happens at work involving your clients and their information.
Keep your eyes peeled for anything out of place or exposed to the public. If you do see something, take care of it fast before unauthorized eyes see it. Remember - staying HIPAA vigilant is the best way to stay HIPAA compliant.