Most of the focus of HIPAA is on how to handle patient information on computers or in written form. Because of this, most types of training tend to gloss over the other areas where HIPAA slip-ups can occur. In this month’s training, we will focus on some that you may not have realized. This will be a short lesson and should serve more as a refresher to help you keep these in mind.
Leaving Messages
With most people having direct, mobile numbers now, this seems less of an issue. However, many patients still make use of answering machines at home or may share the mobile device with someone else. Because of this, do not leave detailed messages on any type of messaging service. Simply let the patient know that they need to call your office for lab results, doctor’s instructions, etc.
Speaking in the Office
This one seems less obvious but being mindful of speaking with a patient about their medical information only in private. Don’t leave the door of their exam room open and talk to them from the doorway, outside the room, etc. Other patients in the practice can hear this information. Depending on the sensitivity of the information, the patient may make an issue of it.
Printed Materials
Practices often give the patient printed copies of the office visit containing a good bit of personal information. Patients, in turn, often leave this information behind in common areas such as the waiting room. Ensure that no printed materials containing PHI have been left in areas where other patients can view them.
Responding to Online Reviews
Online reviews on sites such as Google Local, Yelp, and Facebook are extremely common. They are how many of us choose which businesses or practices we will utilize. However, in the case of medical practices, reviews can be a potential HIPAA violation. Whether a patient leaves a positive or negative review, the practice should never leave any response that confirms anything about the patient or their treatment. For example, if a patient leaves a positive review about a specific procedure, the practice shouldn’t reply with we are glad the procedure turned out well for you. The proper response would be simply to thank the patient for their kind words. Don’t even say we look forward to seeing you again.
The same applies to negative reviews. Do not counter the patient’s claims in your response. Respond by saying please contact our office so that we may help you resolve any concerns you have.
Remember – the patient can make as much of their PHI public as they wish. But that doesn’t give pratices the right to further reveal information. Patients are not bound by HIPAA regulations.