Health Information Compliance Alert

Published on Wed Jun 12, 2019 PDF

Remember, a script does not replace staff HIPAA training.

With the onset of health IT in the industry, the HIPAA Security Rule has stolen much of the compliance spotlight. But that doesn’t mean that the Privacy Rule doesn’t still apply and deserve attention. A great way to help your staff promote patient privacy and avoid snafus is to implement scripting as a HIPAA compliance tool.

Why: It’s a somewhat standard practice to have uniform responses to patient questions. Although the HIPAA Privacy Rule has been around for years now, any practice can tell you that patients ask questions about their privacy rights and HIPAA now and then. Both office and clinical staff should be able to provide patients with quick and accurate answers, and you can improve those odds if you create pre-written responses for the staff members to follow.

Definition: Scripting is simply the creation of prepared statements for patient questions. The script anticipates particular situations and privacy quandaries and provides staff with clear-cut responses.

Consider this scenario: A new patient comes into your practice. Instead of floundering for the right thing to say, your front desk staff can use a script to present the patient with your notice of privacy practices (NPP) and to answer common questions they may have regarding the form.

Remember, “covered entities [CEs] are required to provide a notice in plain language,” the Department of Health and Human Services Office for Civil Rights (OCR) guidance reminds. A script can aid with the Privacy Rule’s requirement. And it can also be extremely helpful for new employees and temporary workers unfamiliar with HIPAA and other office protocols.

Federal input: If you’re unsure about what needs to be covered in your script, the HHS Office of the National Coordinator for Health Information Technology (ONC) offers providers advice on talking to patients and their families about healthcare in the guide, “Communicating with a Patient’s Family, Friends, or Others Involved in the Patient’s Care.”

The ONC guide offers an overview on PHI sharing basics that every practice should review annually. And even though many of the examples used deal with clinical situations and providers, frontline staff can learn a lot about protecting patients’ privacy from reading the questions and answers.

HIPAA Training Goes Hand-in-Hand With Scripting

Whether your script covers only the HIPAA basics or is a manifesto of privacy advice, it won’t fully prepare your staff for challenging questions and difficult patient situations. There is no substitute for in-depth, annual HIPAA training for all staff — including clinicians.

Moreover, techniques like scripting must run concurrently with your practice’s ability to educate staff about the HIPAA rules. Because, if your frontline team doesn’t fully understand the fundamentals of privacy compliance or your organization’s policies and procedures concerning patient privacy, then chances are a script isn’t going to provide your staff or your patients with any relief.

Consult staff: Don’t make the mistake of excluding the front desk workforce in the creation of the scripts. Staff input on scripts is vital because you want the language to be both compliant and authentic. After all, these employees are most likely to deliver the dialogue outlined in the scripts, so it’s important they feel comfortable with what they’re going to say.

Tip: Host a brainstorming session once a month with all staff chiming in on prevalent HIPAA privacy scenarios. The end result should be a script that folks are committed to and covers a wealth of HIPAA-related scenarios.

A strong script ensures that frontline staffers can easily discuss privacy matters with patients, and that the group’s message is both consistent and appropriate. For example, a patient who asks the same question to different receptionists from the morning, afternoon, and evening shifts, should receive a similar response each time.

As you compose your scripts, tailor them to your office’s most frequently-asked questions, keeping staff members’ comfort levels in mind. For instance, when an individual is handed an NPP, the patient may ask what the notice is and why it’s being provided. A good answer might be: “We are providing this notice pursuant to federal privacy laws that require our practice to tell you how we will use your health information. This notice also informs you of the rights you have regarding your own health information.”

Bottom line: With patient privacy a perennial issue in healthcare, it’s smart business to promote HIPAA privacy compliance with best practices. Scripting is an easy way to help staff answer tough questions consistently. If all staff members use that same verbiage, consumers will get standard information across the board.

Resource: Review the ONC’s guidebook at www.healthit.gov/resource/communicating-patients-family-friends-or-others-involved-patients-care.