Home Health & Hospice Week

Compliance:

Protect Confidential Health Information In Patients' Homes

You must take your HIPAA compliance with you.

Do you have the tools to guard protected health information when you provide treatment in your patients' homes? Use this expert advice to make sure no wrenches are thrown into your compliance plans.

Educate Your Patients

Take some time to give your patients suggestions for keeping their information secure. "We recommend that patients keep their files in a drawer or another place that's not open to everyone," shares Betty Bundul, corporate compliance director of HIPAA Security for Allina Hospitals & Clinics in Minneapolis.
 
Good idea: Use your notice of privacy practices to initiate a conversation on how to keep medical information out of unauthorized hands, advises Brian Gradle, an attorney with Washington, DC's Hogan & Hartson.

Be Aware of the Ears in the Room

You can't always clear the room of your patient's family members or visitors, but you can protect yourself if and when PHI is overheard, Bundul notes. Explain to your patient that by having other people milling around, his PHI could be overheard.

You should never discuss others' PHI in a patient's home, experts note. If you make or accept a phone call about another patient, "leave the room or limit what you say," stresses Lee Kelly, senior security consultant with Fortrex Technologies in Frederick, MD. "There's still a chance someone will overhear you, but you've done your best to protect the patient's PHI," he explains.

Beware Computer Slips

The only file you should have with you in a patient's home is the one you need to treat that patient, Bundle notes. Any other patient files should remain locked in a safe place like the trunk of your car, she says.
 
And if you're working from a laptop or other portable device, make sure you have only that patient's file open, Kelly concurs. That way, even in a worst-case scenario, the only information that can be spotted by anyone other than you will be that of the patient you're visiting, he notes.
 
Remember: When you use a laptop in patients' homes, take measures to keep the electronic PHI from inappropriate access. "Use password-protected screen savers," Kelly offers. And in the home environment, your screen saver should come on after five minutes at the most, he says.
 
Like your patients' paper files, when not in use, a laptop should be kept locked up - whether in the trunk of your car or a closet in your home, he advises. "You want to keep it someplace where someone can't look in a window and see it," he continues.
 
You can't control everything that happens in your patients' homes, but you can decrease the chances that your patients' PHI will be inappropriately disclosed, experts agree.

Plan of Action

Ask a senior staff member to accompany a newer member on her first round of home visits to ensure patients are given enough information to keep their own medical data safe, Gradle recommends.

If you can't go with your newer staff to each home visit, you could try including privacy- and security-related questions on your annual patient satisfaction survey, experts suggest.

Editor's Note: For more information on HIPAA, see Eli's Health Information Compliance Alert at
www.elihealthcare.com.