Don't Let Home Coding Turn Into a Code Red
Published on Fri Sep 19, 2003
Just because you're coding from home doesn't mean you don't have to be HIPAA-compliant.
More and more physician practices are employing coders who work from home. While there are certainly benefits to these arrangements for all parties involved, they present special compliance challenges that practices must consider. "Out of sight does not mean out of mind," says Brenda Burton, president of MedExtend in Fayetteville, Ga.
"Anytime someone works from home, they have special training needs," says attorney Michael Roach with Michael Best & Friedrich in Chicago. First and foremost in today's HIPAA-laden compliance environment, practices should work hard to ensure that home coders don't compromise patients' privacy.
Practices need to establish clear confidentiality policies and procedures for all off-site employees, says St. Paul, Minn.-based attorney Gordon Apple. Practices and home coders should also ensure that they receive proper computer security training, and that they have a system that will accommodate secure flow of information, he says.
Another area of concern is access to the computer you might use off-site. Ideally, you would have a computer solely for work, and no one else would be allowed to use it, Roach says. At the very least, you need to ensure that there are access controls built into your system.
To help cover your bases, Burton suggests that home coders follow these computer security tips:
Run virus scans and use firewalls to prevent hacking and viruses.
Ensure that documents are not saved on floppy disks/CDs, retained in hard copy, or saved on alternate drives.
Stay in touch with technical support. Be sure information is not misrouted, and don't try to fix something you are not trained to handle. Make sure your passwords and access addresses are set up correctly. Report any breaches to your privacy officer or IT manager.
Prohibit others from using your workstations.
Take precautions to avoid accidental or intentional misuse of confidential information.
Secure your residence from mail interception. Use a guaranteed delivery service and always sign when sending and receiving packages.
Technical security issues aren't the only ones to consider. You must also ensure that paperwork isn't floating around that contains protected health information. This will require you to raise your consciousness level, Roach says. Keep all paperwork in a locked filing cabinet and don't run errands with a car full of PHI, he says.
And remember, HIPAA isn't the only game in town. Make sure you have received all the appropriate compliance training, Roach says. You should have a copy of your compliance program and attend compliance training sessions with other employees.