Medicare Compliance & Reimbursement

Compliance:

Take These Steps To Steer Visitors Away From PHI

You can open your organization to visitors -- here's how. Whether you allow anyone to look around your organization, or you only open your doors for job shadowers and other trainees, you must figure out how to deal effectively with visitors without risking your facility's privacy and security rule compliance. Follow these steps to keep your patients' protected health information private when non-workforce members are present: 1. Separate visitors into categories. You can't work with visitors as a lump group, says Kelley Meeusen, compliance officer for Harrison Hospital in Bremerton, WA. Better approach: Your vendors and consultants can go in a "business customer" column while your patients and their guests can go in the "personal customer" column. "We group job shadowers, temporary employees and volunteers in with our workforce," Meeusen says. Next step: Your volunteers should go through the exact same training as your regular employees. And be sure to direct business guests to a proper check-in point, Meeusen notes. 2. Issue badges to personnel and planned visitors. The best identification system is a badge that features a picture of the wearer, but that isn't feasible for all your visitors, says John Boyer, compliance coordinator for the HIPAADC Program Management Office in Washington, DC. Rather than giving planned visitors -- like consultants or tour groups -- a photo ID, issue them a color-coded badge when they first enter your facility, he suggests. Example: If a tour group checks in at 8 a.m., give the visitors a one-day badge that you will collect when they leave. Bonus: Track the number and type of badges issued each day.That will help you keep count of how many people should be in a group or on a certain floor. 3. Determine which areas visitors cannot enter. "We only allow strict access to our data hub, and that's never given to visitors," says Kelly Moore, privacy and security officer for Cogent Health Care in Daytona Beach, FL. Any highly confidential sections -- such as where you keep your main computer system or sensitive medical areas -- should be cordoned off from visitors unless it's absolutely necessary to allow them in, Moore advises. Example: Tour groups don't need to enter an AIDS ward or operating room, but there's no reason to keep them out of the emergency room. Tip: Any time a non-employee is found in an off-limits area, report it to the department supervisor. The supervisor should then determine how the slipup happened and take steps to ensure the error doesn't occur again. 4. Emphasize privacy and security training with visiting and part-time doctors. These physicians are typically the most resistant to following each facility's policies and procedures. That's not because they aren't concerned with [...]
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more