Whether you're a doctor, chiropractor, dentist or any other covered entity, you should take a proactive approach towards complying with the Health Insurance Portability and Accountability Act (HIPAA). Signed into law by Congress in 1996, this wide-reaching federal law requires all healthcare practitioners (known as covered entities) to comply with the Security and Privacy Rules. Keep reading to learn some everyday HIPAA tips to use in your practice.
Ongoing Employee Training
Many healthcare practices make the mistake of training their workers about HIPAA only once, usually when the worker first starts the job. But HIPAA compliance isn't something that you can learn and then forget. It changes and evolves from year to year. As such, covered entities should provide ongoing training to their workers, educating them on the nuances of HIPAA and any new changes made by the Department of Health and Human Services (HHS).
Contact Using Patient's Preferred Method
When a patient requests to be contacted via a specific method (e.g. cellphone or house phone), make sure you use that method. Calling a patient's cellphone when they have asked to be called on their house phone may sound harmless enough, but it may not be compliant with HIPAA.
Remote Wipe Feature on Devices
It's a good idea to implement a remote data wipe on electronic devices that store EPHI. Hopefully, nothing will happen to your practice's devices. If one or more is ever lost or stolen, however, you'll need to wipe it clean to protect against EPHI disclosure. By implementing a feature such as this, you can quickly erase all sensitive data from lost or stolen devices.
Minimal Information on Sign-In Sheets
Assuming you allow patients to sign in using a publicly visible sheet at the front desk, you should only request a minimal amount of information, such as the patient's name and sign-in time. Asking for additional information like their diagnosis, address, medical insurance number, etc. could be a violation of the HIPAA Privacy Rule.
Conduct Security Audits
Covered entities should also get into the habit of conducting routine security audits. The purpose of these audits is to identify potential risks and vulnerabilities to Electronic Protected Health Information (EPHI), such as weak user passwords or a lack of encryption. If you find any, take immediate action to fix them.