Healthcare information is such a rapidly changing field that even the experts find it a challenge to keep up. When it comes to HIPAA compliance, one of the complicating factors is the rapid pace of innovation in technology.
When the Health Insurance Portability and Accountability Act (HIPAA) was adopted in 1996, the Internet was new, a lot of us didn’t run Windows and not many people had email. Fifteen years later, it’s a whole new world. Even in the last two years since the HITECH act was passed, things have changed quite a bit.
If I take a screenshot of a report, what sections do I need to crop out? If I’m sending an email, can I include the patient’s date of birth? Do I need to lock my computer screen if I leave the room to get a cup of coffee? What if I work from home? Does my screensaver need a password separate from the one for my platform account? Can I let my 6-year-old play video games on the computer I use for work? What if my iPad links in to my home computer and I lose my iPad? If I’m backing up my laptop to an external hard drive, how do I make sure no PHI accidentally transfers?
That short list of computer questions contains a number of HIPAA violations just waiting to happen. So how do we know what’s okay and what’s a potential breach?
Here’s the problem – I could tell you the answers now but by next week, there will likely be some new technology that opens up a whole new way to accidentally violate HIPAA regulations. Keeping up with all of the possibilities is a full-time job. Keeping your entire staff up-to-date on all of the rules is another full-time job.
If your facility doesn’t have a dedicated HIPAA compliance officer on staff, one solution is to partner with a HIPAA compliance provider. There are a number of well-regarded HIPAA consultants in the industry who can help with one-time or ongoing training exercises. Even as a full-time HIPAA compliance officer, I’ve found it helpful to work with an outside company to provide independent compliance classes and testing to our entire workforce.
Last year, we decided that our entire team – transcriptionists, computer techs — even our bookkeepers and sales force – should be educated and tested in HIPAA and HITECH. We partnered with Review of Systems Expanded, LLC to offer online classes and testing to everyone at NEMT.
After their initial class and test, the entire NEMT workforce will take a refresher class each year on HIPAA and HITECH and will then retest and re-sign our HIPAA agreement and compliance manual. The entire process only takes a few hours and our staff reports that it’s made an incredible difference in their mindset; everyone already knows not to share PHI but the classes help to clarify the details and to keep security fresh in everyone’s mind.
Of course there are many other HIPAA firms and many other valid ways of maintaining staff compliance. Whatever option you choose for your facility, remember that education is always the key.
(PS – Don’t let your 6-year-old play with your work computer.)
More information on the Review of Systems Expanded program is available online at www.rosemtschool.com.