7 Ways Employees Can Help Prevent HIPAA Violations
There are several qualities of working in healthcare that are not dissimilar from other careers in other industries. You need to come into work on time, work hard while clocked in, get along with the other staff members, be a good representative of your company and so on. But there’s at least one aspect of working in healthcare that most other industries don’t need to worry about: violating the HIPAA Privacy Rule or Security Rule.
When a single employee’s actions result in a HIPAA violation, it not only results in major consequences for that individual, it also jeopardizes the entire organization. If an employee/workforce member breaks a common HIPAA violation, even in the most innocent way, the entire organization faces the threat of severe penalties, both financial and reputational.
Healthcare workers are on the frontlines of patient communication and information handling, so understanding the key ways you can prevent potentially disastrous violations is critical. Here are seven ways healthcare employees can help avoid HIPAA violations.
1. Be educated and continually informed
The first way to ensure staff members aren’t violating HIPAA is to educate and inform each employee on HIPAA regulations and when any changes are made or new information is released regarding those regulations. Everyone should also be told what penalties they and your workplace will face if compliancy isn’t maintained by all. Hold in-office trainings to teach employees all they need to know about HIPAA privacy and security regulations and to answer any questions they might have. You or your HIPAA privacy office can conduct these trainings, or if you use HIPAA security software, many of these programs offer training courses and seminars for your office to use. Take the necessary time to keep staff members knowledgeable on the HIPAA regulations and device standards they must follow in order to keep themselves and your organization HIPAA compliant. Education will take time, but it’s your best asset so make the time to do it.
2. Maintain possession of mobile devices
The most common HIPAA violation today is mobile devices storing patient health information being lost or stolen. It’s the obligation of covered entities and business associates to keep their mobile devices secure and out of the wrong hands, so if an employee accidentally loses a laptop or work tablet, or leaves it unattended and it gets stolen, your business pays for that mistake. Continually remind employees to be aware of where mobile devices are at all times and to shut them down and lock them up when they’re not using them.
3. Enable encryptions and firewalls
Your next defense with mobile devices is enabling encryptions, firewalls and secure user authentication on every device. There are technologies that can also remotely lock, or wipe (ie. Reset to factory defaults erasing all apps and data) using apps and software programs. This is your backup plan if a work device is lost or stolen. Again, stress the importance of maintaining possession of devices and keeping the encryptions and firewalls up-to-date and user authentication hard to crack to employees handling these devices. Accidents do happen, but sometimes employees are just cavalier, so to help your employees and yourself remain HIPAA compliant, enable these security precautions on each mobile device your business has and lends out for employee use.
4. Double check that files are correctly stored
Handling paper and electronic files is a tricky business. Misfiling a patient’s paperwork in a cabinet or saving it on the wrong computer drive or network is a costly mistake. And many employees fall victim to this because they’re distracted while filing. Constantly remind employees who deal with patient files to focus on what they’re doing and double check that they properly store and save files in the right folders and drives.
5. Properly dispose of paper files
Again, this is a human error problem. Too many of these cases have occurred because employees forgot or chose not to shred paper files before throwing them away. An employee could be having a bad day, an extremely busy day or is easily distracted by other employees, which causes them to overlook shredding papers with PHI on it. The best way to avoid this problem and keep employees from violating HIPAA is switching to an electronic filing system. If you still prefer paper files, then make sure staff members’ double and triple checks that they properly dispose of any and all paper files.
6. Keep anything with patient information out of the public’s eye
A minor way your company and its staff could be in violation with HIPAA laws is having patient information in plain view to anyone who comes into your establishment. Don’t fall victim to this small but careless mistake. Keep patient folders closed, don’t have appointment calendars openly displayed in patient areas and keep your computer monitors and mobile device screens hidden from patients and visitors.
We found one Hospital displaying their patients’ X-RAY on a wall-mounted, big screen TV next to the Nurse’s workstation area where other patients walk by. Tell the staff to be mindful of these things and that if they notice something to be out of place to quickly take care of it before unauthorized eyes see it. Get everyone in the habit of keeping information concealed that needs to be.
7. Use social media wisely
Last but not least, express to employees just how crucial it is to use social media wisely. The way we communicate with each other has changed. Now, many people spend more time messaging on Facebook, sending Tweets and sharing how their day is going via a collage of pictures on Instagram. Social media usage has increased the likelihood for employees to violate HIPAA. Your safest bet to have employees and company remain HIPAA compliant is having a company rule not to post any text or pictures about what goes on in the workplace on social media or even on their personal blog. Your organization or business could be severely fined for neglectfully hiring, training and/or supervising an employee if he or she posts something sensitive, even if by accident or only shares a small tidbit of a situation that doesn’t include any names. Employees and businesses must be extremely careful when dealing with social media.
In order for your organization to remain HIPAA compliant, each employee must be HIPAA compliant. By educating, informing and training employees on what HIPAA regulations they must follow and the consequences they’ll face from being non-compliant, as well as reminding them to be smart and use common sense, employees can actually help prevent HIPAA violations from happening.