To prevent potential violations of the Health Insurance Portability and Accountability Act (HIPAA), “we need to, first, cultivate a culture of privacy within the patient access staff,” says Julie Johnson, CHAM, FHAM, director of patient access and Health Information Management and HIPAA privacy officer at Mount Graham Regional Medical Center in Safford, AZ.
While patient privacy is likely in the forefront of a registrar’s mind, says Johnson, security of patient information is less so. “We often think of patient privacy at the front line. However, security of information is equally important,” she says.
Johnson gives the example of the HIPAA requirement involving workstation use, which states that physical safeguards should restrict access to authorized users only. “Patients and visitors to the facility should not be able to view information displayed on computer screens,” says Johnson. She gives these recommendations:
-
Make sure workstations are placed in physically secure locations where possible, such as behind lockable doors, or ensure cubicles are not located near an information desk in the lobby.
-
Keep patient information in folders to prevent people passing by or standing near the workstation from reading it.
-
Position computer screens so they can’t be viewed by anyone passing by the workstation.
-
Always log off before leaving your computer unattended, even for the briefest period.
“When training, always have the staff member log off before leaving the area,” suggests Johnson. “A few reminders can help this practice to become a habit.”
-
Give staff members what they need at their fingertips, such as eligibility software, scanning capabilities, and card swipers for payments, to eliminate the need to leave their workstations.
Johnson says to ask these three questions to ensure privacy and security:
-
Have employees been trained on security?
-
Do employees understand the security requirements for the data they use in their day-to-day jobs?
-
Is viewing by unauthorized individuals restricted or limited at the workstations?
When the mindset of patient access employees is focused on patient privacy, when staff has been trained and understands security requirements, and when workstations are physically prepared, says Johnson, “a violation is much less likely to occur.”
SOURCE
-
Julie Johnson, CHAM, FHAM, Director Patient Access/HIM, HIPAA Privacy Officer, Mount Graham Regional Medical Center, Safford, AZ. Phone: (928) 348-4027.
