Inpatient Facility Coding & Compliance Alert

Compliance:

Make Moves Now to Steer Clear of Potential Privacy Breaches — and Big Bucks to Correct Them

Follow these 8 tips to comply with the HIPAA security rule.

Even a small HIPAA breach could put your facility into financial disarray: you’d not only want legal advice, but you’d also have to begin the notification process. Luckily, you don’t have to spend a fortune to comply with the HIPAA rules up front, which can save you problems down the line. Consider these eight tips to ensure that you’re in step with patient privacy.

1. Ensure that each employee has a separate username and password for your computers. Don’t fall into the “easy” approach of assigning everyone in a department the same username and password. Instead, set up separate accounts for each person. Also, if each employee signs in under his or her own name, you can tell who altered which files and when they were altered, which establishes an audit trail. If you’re using Microsoft Windows or Mac OS X, setting up separate accounts and passwords should be simple.

2. Unplug all modems and associated communication links whenever someone isn’t actively using them. This makes it more challenging for hackers to get into your system.

3. Look at what your business associates are doing. If your software vendor comes in regularly to update the software, make sure you know what this person is actually doing “behind the scenes” of your computers and what he’s able to access while he’s there.

4. Don’t just buy an off-the-shelf HIPAA solution. If you do, it won’t reflect requirements in your state. And tailoring your own solution may be cheaper than adapting someone else’s solution.

5. Choose your employees carefully. You may not necessarily set varying levels of access to information for different employees within a department. Instead of establishing individual access privileges for each employee, make sure you hire good and trustworthy people. Evaluate them at the interview stage, and schedule periodic check-ins.

6. Encourage security literacy among your IT staff. Ensure that your staff members are aware of the potential weaknesses in an IT system and give them the training to stay on top of how to close those gaps.

7. Put monitors behind a counter or position them so patients can’t read them.

8. Keep an eye out for people wandering around your back office who don’t seem to belong there. Your staff will know each other -- and probably many employees from other departments -- by sight, so they should be able to tell at a glance if someone seems out of place.

The numbers: CMS had to notify almost 14,000 Medicare beneficiaries between 2009 and 2011 that their privacy had been breached. That’s why keeping a close check on patient and information security is an important issue for every facility and physician practice, no matter the size.
