Patient confidentiality breaches pose a significant risk in the healthcare industry. All healthcare providers and their team members must be aware that routine office practices, including telephone contact, verbal discussions, and computer use, inherently carry the risk of patient confidentiality breaches.
It is strongly recommended that:
1. Everyone should be educated, at a minimum annually, regarding HIPAA and patient confidentiality. This should be documented and maintained in employee personnel files.
2. Confidentiality agreements, including non-disclosure agreements and Business Associate Agreements, should be signed by all healthcare providers and staff members.
3. Conversations regarding patient care should not be audible to patients and visitors in the waiting area.
4. Everyone should be advised never to discuss patient information outside the office, including on social media.
5. Review the flow of patients through the office to determine how best to maintain the privacy of PHI.
6. Computer screens should not be visible to patients or visitors.
7. Computers in exam rooms should not be left on or active when staff or providers are not present.
8. Any electronic device that is used for the transmission of PHI must be encrypted and have regular software updates installed.
9. Business Associate Agreements must be obtained and maintained for all vendors who have access to PHI.
Every healthcare provider should have policies and procedures in place to protect a patient's confidential information.
Author(s)
Stuart J. Oberman, Esq.
Stuart J. Oberman is the founder and President of Oberman Law Firm. Mr. Oberman graduated from Urbana University and received his law degree from John Marshall Law School. Mr. Oberman has been practicing law for over 30 years, and before going into private practice, Mr. Oberman was in-house counsel for a Fortune 500 Company.