Protecting Your Patients' Privacy

HIPAA Compliance Ideas for Healthcare Providers

There’s been a watershed in the healthcare industry – it’s called HIPAA (Health Insurance Portability and Accountability Act of 1996).

As a healthcare professional you're probably dealing with all of the ramifications of HIPAA on a daily basis, doing everything possible to protect your patients' privacy just as HIPAA mandates.

HIPAA simplified

While HIPAA may translate into a lot of extra paperwork for you, it has a worthy mission. In very basic terms, HIPAA has two primary components to which hospitals, health plans, healthcare "clearinghouses," and healthcare providers must conform:

• Administrative simplification, which calls for use of the same computer language industry–wide;
• Privacy protection, which requires healthcare providers to take reasonable measures to protect patients’ written, oral, and electronic information.

Congress passed HIPAA in an effort "to protect the privacy and security of individually identifiable health information."¹ Additionally, lawmakers "sought to reduce the administrative costs and burdens associated with healthcare by standardizing data and facilitating transmission on many administrative and financial transactions."² 

HIPAA consultants say these new regulations should save the healthcare industry money in the long run, provide improved security of patient information, and allow patients to have better access to their own healthcare information.

Becoming compliant

Shredders

While the HIPAA regulations call for the medical industry to reexamine how it protects patient information, the standards put in place by HIPAA do not provide any cookie–cutter answers, says Leah Hole–Curry, HIPAA legal counsel for FOX Systems, a HIPAA consulting firm. "HIPAA doesn’t necessarily prescribe the solutions, but it does require physicians to look at all of the ways that they use and access data today and determine whether that’s reasonable or not."

Following are some practical ideas for rethinking how you maintain and use patient information in your office.

Dedicate a HIPAA officer

Appoint one or two staff members (depending on the size of your office) to regularly review the HIPAA act and determine any additional changes your practice needs to make to keep your office compliant.

Remember, compliance is not optional. Those found in violation of the act will be penalized:

• "Civil penalties range up to $25,000 per violation of each standard.
• Criminal penalties range up to $250,000 in fines and/or up to 10 years in prison."³

Dividing files

An important part of HIPAA is the minimum use standard, which mandates that healthcare providers use and disclose patient information in ways that are minimally necessary to accomplish the task.

For example, a billing clerk does not need access to a patient’s entire medical history to bill for a service rendered, says Hole–Curry. Therefore, you may want to divide patient files into sections, having an office policy that clearly states who may access each section.

Consider converting to pocket–style classification folders, which have two envelope–like pockets where classified information could be stored. General information could be attached to the folder using the built–in fasteners.

Labeling files

End-tab labels

Take a look at the outside of your file folders. Do they possess identifiable patient information, such as the patient’s name, address, social security number, birth date, phone number, or specific information about a health condition? If so, you may need to re–label your files. Consider converting to a color–coded system that allows you to file alphabetically or numerically. Some label products will even permit you to print new labels right from your PC and personal printer.

Reviewing files

Patient files should not be reviewed in front of other patients. Accomplishing this task may become particularly tricky if the staff members who regularly review files also work at the reception desk.

You may want to partition off a small area of the reception desk with a panel system. For example the Iceberg Icecubes partition system® is an affordable series of 48" high panels that can be connected together to create a small cubical area.

Locking files

Locking accessories

When possible, files that are not in use should be locked. Locking the room where files are stored is a good start, but remember that cleaning, building, and other staff may enter your office while you are not there. According to Hole–Curry, "the less risk option would be to have a locking mechanism on your paper files, where you can have your staff lock them up at the end of the day" or when they are not in use.

You may want to take this opportunity to re–think how you file and purchase new filing cabinets – with locks. You may now choose from vertical, lateral, and open–shelf systems.

If a new filing system is not in the budget and your current cabinets do not have locks, it’s possible that they can be retrofitted with locks. For example, you can purchase a lock accessory for several Hon® file cabinets and easily install locks to select models.

Discussing patient information

To remind your staff not to discuss patient information in public areas, Hole–Curry recommends posting signs in elevators, hallways, reception areas, etc that say: Remember your patients can hear you.

Latest information and updates

If you have other questions, or want the latest information, visit the U.S. Health and Human Services Department's Web site devoted to HIPAA.

Back to top

¹Everything You Always Wanted to Know about HIPAA... but Were Afraid to Ask, Management Tools for Managed Care, Linnaeus, Inc.

²Ibid.

³Ibid.

LIMITATIONS. The information contained in this article is for general guidance. Such information is provided on a blind-basis, without any knowledge as to your industry, identity, or specific circumstances. The application and impact of relevant laws will vary from jurisdiction to jurisdiction. There may also be delays, omissions, or inaccuracies in information contained in this site. The information on this site is provided with the understanding that Staples.com and its affiliated entities, and various authors and publishers providing such information are not engaged in, and that providing such information does not constitute the rendering of, legal, accounting, tax, career, or other professional advice or services. As such, information on this site should not be relied upon or used as a substitute for direct consultation with professional advisors. Please refer to our Legal Terms and Conditions for further information.