Ensuring your computer systems and employees are Health Insurance Portability and Accountability Act (HIPAA) compliant is of the utmost importance for agencies that deal with health information that must remain private and safeguarded. While training to be HIPAA compliant can vary based on your industry, one area that applies across the board is proper computer etiquette.
What Is Computer Etiquette and Why Do We Need It?
With the use of computers being a factor for the majority of those working in human services, an understanding of computer etiquette is a MUST.
There are four areas of etiquette that should be considered, and all revolve around internet usage:
- Email. Emails are sent many times throughout the day, making this an especially important area to be mindful of. Not only should an email be professional, but it should also send a clear and concise message. Take the extra moment to proofread an email before sending it, and always be sure that no HIPAA-protected information is being shared. If private health information must be sent via email, the proper encryption requirements must be in place to ensure HIPAA-compliant secure messaging.
- Social Media. Practically everyone is on social media through one channel or another, which has raised concerns over how to properly keep your work life and personal life separate. Be sure your organization has a social media policy in place, which details expectations on what can and cannot be shared related to work and various situations experienced while working. Social media can be a wonderful tool for connecting your organization to a broader network of people but can also come back to bite you if proper etiquette is not being followed. Private health information should never be shared on social media.
- Smartphone. If you have a smartphone, you are basically walking around with a small computer in your pocket or purse. If the phone is a private one and not paid for by the organization, it is best to not use it for confidential work situations, nor should you be opening up private health information about a client on an unsecured phone.
- Internet browsing. On a work computer, none of your internet browsing is private. Creating a policy that details what is and isn’t acceptable browsing behavior can help prevent many uncomfortable discussions or situations related to internet usage.
Other Computer-related Concerns About Being HIPAA Compliant
If your organization has concerns regarding the networking of computers, know that the HIPAA Security Rule has nothing in it that prohibits the networking of computers, whether inside the same company or between two unrelated companies that conduct business together. What you do need to be concerned with are the safeguards in place for protecting a client’s private health information, which involve technical, physical and administrative aspects. Be sure the risks of networking have been evaluated and your security features are documented.
Also, one simple step in making sure you are HIPAA compliant is to never leave private health information up on your computer when you are away from your desk. Even a quick trip to refill your coffee leaves whatever is on your screen visible to anyone who passes by.
Being HIPAA compliant is not only an important aspect for many human services organizations, but a required one. With technology continuing to play a large role in how services are provided, it’s vital that the proper regulations and computer etiquette are followed by all employees.