You must have adequate safeguards — administrative, physical, and technical — to protect patient privacy without disrupting patient care, and you must be able to demonstrate due diligence. In practice, this means that unless you have a written authorization, you must never disclose PHI, even if the request comes from a potential or current employer. The only exceptions are when filling out a workers' compensation claim or when disclosure is otherwise required by law, such as an order from a federal judge.
The HIPAA Privacy Rule has been enforceable since 2003. Yet some healthcare providers still do not take either the law or the Privacy Rule as seriously as they should. Apart from having policies and procedures to ensure patient privacy is protected, ensure all staff in your organization or facility are trained on the various ramifications of the rule. Training alone is not enough: you also need to check whether there are any open access points in the organization's wireless network from which an unauthorized person could log into electronic health records (EHRs).
If there are any incidents of unauthorized access to PHI, you should have corrective actions planned in advance. No healthcare provider or employee of a practice or facility may view medical records in any format without a valid, medically necessary reason. Health information exchanges between practices and facilities are normal when a patient has multiple health issues requiring the attention of different specialists, and every such exchange adds another point at which the data can be altered, misrouted, or exposed, so the potential threats to data integrity are manifold.
Prevent Inadvertent Disclosures
You may also need to take damage control measures, including notification in case of a major breach. HIPAA privacy protections are real, and OCR enforces them vigorously. It is far better to have measures in place that prevent inadvertent disclosure of PHI in the first place, such as discussing another patient who works in the same organization as the patient you are seeing. A physician should never reveal other patients' names or medical conditions. Other inadvertent disclosures can happen online, especially in posts on social networking sites like Facebook.
Take Advantage of Our Compliance Tools
Conduct regular self-audits to ensure that your measures are effective. Such audits will also surface any gaps or vulnerabilities that might otherwise have escaped notice. This is where you can get all the tools you need to stay ahead of the compliance requirements. These include our HIPAA compliance tools, such as our Compliance Wizard and Risk Assessment Master, which enable you to review your existing policies and update them as and when needed. You will also learn what to do in case of a breach, and what the feds expect of you in such an eventuality.