Just because you're coding from home doesn't mean you don't have to be HIPAA-compliant. More and more physician practices are employing coders who work from home. While there are certainly benefits to these arrangements for all parties involved, they present special compliance challenges that practices must consider. "Out of sight does not mean out of mind," says Brenda Burton, president of MedExtend in Fayetteville, Ga. Practices need to establish clear confidentiality policies and procedures for all off-site employees, says St. Paul, Minn.-based attorney Gordon Apple. Practices and home coders should also ensure that they receive proper computer security training and that they have a system that will accommodate the secure flow of information, he says. Another area of concern is access to the computer you might use off-site. Ideally, you would have a computer solely for work, and no one else would be allowed to use it, Roach says. At the very least, you need to ensure that access controls are built into your system. To help cover your bases, Burton suggests that home coders follow these computer security tips:
Don't Neglect Good Old-Fashioned Paper Technical security issues aren't the only ones to consider. You must also ensure that paperwork isn't floating around that contains protected health information. This will require you to raise your consciousness level, Roach says. Keep all paperwork in a locked filing cabinet, and don't run errands with a car full of PHI, he says. And remember, HIPAA isn't the only game in town. Make sure you have received all the appropriate compliance training, Roach says. You should have a copy of your compliance program and attend compliance training sessions with other employees.
"Anytime someone works from home, they have special training needs," says attorney Michael Roach with Michael Best & Friedrich in Chicago. First and foremost in today's HIPAA-laden compliance environment, practices should work hard to ensure that home coders don't compromise patients' privacy.