Health Information Compliance Alert

HIPAA Training:

DON'T GET REAR-ENDED BY YOUR FRONT DESK

When health care providers think of the Health Insurance Portability and Accountability Act's privacy rule, they mostly think about what happens to patients when they're at your office or facility but there's a whole slew of problems that could arise when there are no patients in sight.

And while considerable time is being spent hashing out what doctors can and can't do and say under HIPAA, health care organizations must remember that front-line employees such as receptionists are just as responsible as physicians for maintaining patient privacy.

First and foremost, covered entities must keep in mind that the law requires that you familiarize all employees with HIPAA, notes consultant L. Michael Fleischman with Gates Moore & Co. in Atlanta. As part of their training, provide every employee with a copy of your policies and procedures, so everyone understands "every little nuance that could possibly impact them," he suggests. Also, require each employee to sign a confidentiality agreement stating that they won't violate any part of the HIPAA rules, he instructs.

And take time to highlight areas that could be particularly problematic for receptionists and other front-line employees, experts suggest. For example, make sure your receptionists understand the minimum necessary requirements, so they don't give away too much information if a payor requests additional information about a patient in order to process a claim. That's just one of many potential landmines for front-line staff members, Fleischman says.

Another potentially dangerous area is something as simple as "two front desk people going out to lunch and talking about who they saw in the practice and what they had," he warns. If the wrong person overhears that conversation, you could have a whistleblower case on your hands before you even know what hit you.

And if it comes to light that receptionists are being too loose-lipped because they were never trained on HIPAA, "that's a big problem," Fleischman warns. Then not only is your organization facing a whistleblower suit, but you're also clearly out of compliance with HIPAA's training requirements.

Other Articles in this issue of

Health Information Compliance Alert

View All