The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to keep our personal medical information private and easy to transfer between health professionals.
Although HIPAA has encouraged strict privacy processes at many medical practices, many still have plenty of room for improvement.
Receptionist client Scott Zimmerman, CEO of Nexis Wellness in Cleveland, Ohio, recently joined us on the FABRIC podcast to give us some privacy tips he’s gathered running his own medical business.
We certainly aren’t lawyers and this isn’t legal advice, but we wanted to share some of these simple ways to improve patient privacy at your medical practice.
Of course, prioritizing patient privacy isn’t just about legal compliance. It’s also a key step towards earning and keeping your patients’ trust.
A Private Check-in Process
Most clients don’t enjoy walking into a waiting room and having to announce their names in front of everyone sitting around them.
That’s even more true when patients are checking in for a treatment or health-related issue that is especially personal. Their name could then be announced another time when they are called back for their appointment.
Give your patients an opportunity to check-in privately, and you start their visit out in a positive way that puts them at ease. You’re also demonstrating that you’re making an effort to respect their privacy, which is required for HIPAA.
It’s not just the out-loud, name-calling portion of the check-in process that affects your practice’s medical privacy. Think about the visitor log.
If you use an old-fashioned paper log, patients can see the names of others who checked in before them written on the list. Even if administrative staffers are diligent about blacking out or covering names, there’s a chance other visitors might recognize one.
Eliminate these privacy concerns with an electronic check-in system like The Receptionist. Patients log in via a tablet that no one else can see, and their details are stored securely in the cloud. The system alerts their medical practitioner via text or chat message when their patients arrive so they don’t have to poke their head into the waiting room and check that their next patient has arrived. (You can see The Receptionist for yourself with a free, 14-day trial.)
Patients discuss their most sensitive personal data in exam rooms and medical offices. Many practices don’t work hard enough to make sure that those conversations stay private.
To make sure that discussions from inside these rooms can’t be heard outside, Scott at Nexis Wellness has taken a few of the following precautions:
- Walls all the way up to the ceiling (no open plan features)
- Door strikers to create a tight fit between the doors and walls, which keeps noise from escaping
- White noise being pumped throughout the space
For more on acoustics and soundproofing, check out our post about the backlash to open office design.
Unless you’re still using a copier with no built-in digital technology, your copier likely has a hard drive that stores data about any documents it processes.
That data can be accessed remotely via the internet if you don’t take steps to protect it. Someone can also access the printer on-site and remove it manually, or just plain steal the entire setup. For example, if your multi-function printer is stolen or left out by the curb on trash day, you could be in for a significant HIPAA violation
When it comes to securing copier data, the FTC suggests using encryption, securely integrating copiers into your network, and periodically overwriting copier hard drives.
Scott of Nexis Wellness is also rolling out a card swipe technology that ensures that no one without proper credentials can access the printer and that they’re responsible for any patient records left sitting on the printer.
Nexis Wellness also has a Business Associate Agreement in place with a high-speed fiber internet provider that is HIPAA compliant and takes extra privacy precautions with their internet service.
Secure Software and Document Storage
It’s your responsibility as a medical service provider to contract with companies that understand HIPAA and the importance of privacy and security.
But there are also some privacy practices that need to be observed internally.
Protecting your patient’s private data is a legal obligation, thanks to privacy laws such as the GDPR in the European Union, which establishes useful privacy practices for businesses to follow. We wrote more about the act in our post How The GDPR Will Affect Your Visitor Check-in Process.
Some of the most notable takeaways set forth in those regulations are that no businesses should be storing private info they don’t have a good reason to store, and they shouldn’t store it for longer than necessary.
For example, at Nexis Wellness, only the names of each visitor are collected at check-in (no contact information or other personal data). Then, the check-in data is automatically purged from the digital visitor log every night thanks to the auto-delete setting in The Receptionist visitor management software.
Private Contact and Intake Forms
Thanks to modern technology, it’s easier than ever for us to communicate with one another.
However, some of these new communication methods can cause issues with HIPAA compliance. Some of these privacy violations can happen as a result of automatic tech hardware updates on medical practitioners’ devices and tools.
For example, some smartphones are now set to automatically transcribe, store, and even email voicemail messages to their recipients, which can lead to plenty of potential privacy violations.
Similarly, you may think that your practice’s public-facing website doesn’t deal much with private medical information. However, most sites, especially those made with the most popular site builders, come with contact forms. If you add a generic contact form to the site and someone inputs private medical data and sends it over an insecure internet connection, you may be in violation of HIPAA.
The Importance of Privacy
Protecting patients’ personal medical information has plenty of other benefits that go beyond HIPAA compliance. When patients know that you take their privacy seriously, they’ll feel more comfortable returning to your practice and recommending it to their friends. Privacy measures make your patients feel safe and help you to uphold professional standards.When patients know that their privacy is taken seriously, they’ll feel more comfortable returning to your practice. #receptionistapp Click To Tweet
To learn more about Nexis Wellness, a unique coworking space for medical professionals, listen to our entire conversation with Scott over on The FABRIC Podcast.
Share this Post