Spot problem areas and take action to protect yourself and your practice As you walk around your office, make sure you don't have any inadvertent HIPAA violations with this expert list of things to look for, created by Patricia Johnston, a consultant with Texas Health Resources in Arlington. For each item listed, check whether you observed the activity, the number of occurrences, and add any comments. - Staff discusses confidential information in public areas Next step: Take immediate action to correct any problems by focusing training on weak spots.
- Conversations with patient/family regarding confidential information are held in public areas
- Overhead and intercom announcements include confidential information
- Phone conversations and dictation are in areas where confidential information can be overheard
- Visitors in public areas can see computer monitors
- Unattended computers are not logged out or protected with password-enabled screen savers
- Computer passwords are shared or posted for unauthorized access
- Documents, films and other media with confidential patient information are not concealed from public view
- Whiteboards in public areas have more than the allowable information
- Medical records are not stored or filed in such a way as to avoid observation by passersby
- Confidential patient information is called out in the reception area
- Confidential information is left on an unattended fax machine in unsecured areas
- Confidential information is left on an unattended printer in unsecured areas
- Confidential information is left on an unattended copier in unsecured areas
- Confidential information is found in trash, recycle bins or unsecured pre-shredding receptacles
- Patient lists, such as scheduled procedures, are readily visible by patients or visitors
- Contractors, vendors and other non-patient visitor third parties are not appropriately identified
- Staff are not wearing name badges
- Patient records not filed in locking storage cabinets or rooms that are locked when unattended
- Security access mechanisms for buildings are bypassed
- When questioned, staff demonstrate lack of privacy awareness