With so many concerns to worry about, HIPAA is just one more compliance headache for many physician practices.
However, if you’ve kept an eye on the headlines, you know that recent data breaches at healthcare organizations mean you can’t just ignore HIPAA regulations, according to Physicians Practice.
Failure to comply with patient privacy rules can get healthcare workers in serious trouble, as in the case at ProMedica hospitals in Michigan, where three employees were terminated after they accessed patient records that they were not authorized to look at.
Physicians can access a record if they are a member of the care team or even if a colleague asks them to review a clinical situation and provide an opinion, says Physicians Practice. But if a colleague happens to mention a case, and you look at a patient’s medical record out of curiosity, that’s not a permitted use of protected health information (PHI) and could get you in trouble.
It’s been almost 20 years since HIPAA’s inception, and penalties for violations are not going away, says the publication. So train your staff and implement adequate policies and procedures to protect patients’ PHI.
While some HIPAA violations are obvious, others are more subtle, according to a rundown in Physicians Practice. For instance, be careful what you post on social media. Patients can post information about their own PHI, but if you respond online and discuss their protected information, you are violating HIPAA. Even posting positive patient reviews without patient permission can be a problem.
Remind employees not to post photos taken at the office or talk about work where they might inadvertently mention patient information even if they don’t use a person’s name.
Also, remind staff not to discuss patient information in the waiting room or other public spaces. And don’t get into discussions with patients about their health in social situations.