If you’ve recently reviewed the HIPAA Privacy and Security Rules, your head may still be spinning. But fear not: there are some basic, simple things you can do to help keep your medical facility HIPAA compliant and achieve the ultimate goal, protecting your patients’ data.
1. Destroy paper copies of patients’ information as soon as they are no longer needed (cross-cut shred them rather than tossing them in the trash). Make sure staff are careful not to leave printed information out where others have access to it.
2. Make sure computer screens aren’t visible to those in the waiting or check-in areas. If visibility is a concern, install privacy filters on monitors to prevent others from being able to read the screen.
3. Install anti-virus, intrusion detection, and firewall software on all facility computers, and keep them and the operating system patched. Run scans and system checks regularly to make sure all computers remain malware free.
4. Do not use Social Security numbers as your patient unique identifier. An SSN cannot be reissued if it leaks, so generate an internal patient ID instead and keep the SSN out of labels, screens, and reports that don’t need it.
5. Stress to your staff the importance of logging out of your EHR whenever they leave their computer. Likewise, all passwords should remain confidential and staff should not share individual passwords with each other.
6. Encourage your staff to create long passwords that don’t include easily guessed information like birthdays, pets’ names, family members, and favorite colors. Passwords should never be written down where others can find them. Changing passwords every three months is a common policy, but note that current NIST guidance (SP 800-63B) no longer recommends forced periodic rotation; it favors long passphrases and changing a password when there is reason to believe it has been compromised.
7. Ensure your hardware is safe and secure. Computers and servers that contain patient data should be locked and secured when not in use.
8. Keep IT staff aware of staffing changes. If an employee leaves the practice, their status should be changed to inactive immediately to prevent them from accessing the system.
9. Don’t forget to review audit trails! Use them to find employees who are forgetting to log off (logins with no matching logout), employees who are viewing parts of a chart their role has no need for, and any activity from accounts that should already have been deactivated.
10. Make sure everyone is on the same page about your facility’s security policies and is knowledgeable on why these policies are so important.
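To make the audit-trail review in item 9 (and the offboarding check in item 8) concrete, here is an added example, not code from the original article, that runs three simple checks over a handful of constructed EHR audit log lines: sessions that were never logged out, chart sections viewed by a role that does not need them, and any activity by an account marked inactive. The log format, the role-to-section map, the inactive-user list, and the two-hour session threshold are all assumptions for illustration; real EHR audit logs vary by vendor, so adapt `parse_log` to yours.

```python
"""Added example (not part of the original article): a small audit-trail
review over constructed EHR access-log lines.  Flags sessions never logged
out, chart sections viewed outside a role's need-to-know, and any activity
by an account that should have been deactivated.  Log format, role names,
inactive list and thresholds are assumptions for illustration only."""

from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, role, event, then key=value
# fields or a workstation name.  The format is an assumption.
SAMPLE_LOG = """\
2024-03-04T08:01:12 jsmith nurse LOGIN ws-frontdesk-2
2024-03-04T08:03:40 jsmith nurse VIEW patient=10234 section=vitals
2024-03-04T08:05:09 jsmith nurse VIEW patient=10234 section=billing
2024-03-04T08:20:00 jsmith nurse LOGOUT ws-frontdesk-2
2024-03-04T09:10:33 rlee billing LOGIN ws-billing-1
2024-03-04T09:11:02 rlee billing VIEW patient=10234 section=billing
2024-03-04T09:12:45 rlee billing VIEW patient=10234 section=psych_notes
2024-03-04T13:30:15 bformer nurse LOGIN ws-exam-3
2024-03-04T13:31:00 bformer nurse VIEW patient=10777 section=vitals
"""

# Hypothetical least-privilege map: chart sections each role actually needs.
ROLE_SECTIONS = {
    "nurse": {"vitals", "meds", "allergies"},
    "billing": {"billing", "demographics"},
    "physician": {"vitals", "meds", "allergies", "psych_notes", "labs"},
}

# Accounts HR/IT have marked inactive; they should produce no events at all.
INACTIVE_USERS = {"bformer"}

# A login with no logout this long afterwards is treated as "forgot to log off".
MAX_SESSION = timedelta(hours=2)

# Point in time at which the review is run (assumed, for the sample data).
REVIEW_TIME = datetime(2024, 3, 4, 17, 0)


def parse_log(text):
    """Parse one event per line into dicts; lines too short to parse are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, user, role, action = parts[:4]
        extra = dict(kv.split("=", 1) for kv in parts[4:] if "=" in kv)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user, "role": role, "action": action, "extra": extra,
        })
    return events


def review(events, now):
    """Return a list of (user, finding) tuples for a human reviewer."""
    findings = []
    open_logins = {}  # user -> timestamp of a LOGIN with no later LOGOUT
    for ev in events:
        user = ev["user"]
        if user in INACTIVE_USERS:
            findings.append((user, f"activity by inactive account: {ev['action']}"))
        if ev["action"] == "LOGIN":
            open_logins[user] = ev["ts"]
        elif ev["action"] == "LOGOUT":
            open_logins.pop(user, None)
        elif ev["action"] == "VIEW":
            section = ev["extra"].get("section", "")
            if section not in ROLE_SECTIONS.get(ev["role"], set()):
                patient = ev["extra"].get("patient")
                findings.append(
                    (user, f"{ev['role']} viewed {section} of patient {patient}"))
    # Anything still open at review time and older than the threshold.
    for user, ts in open_logins.items():
        if now - ts > MAX_SESSION:
            findings.append((user, f"no logout since {ts.isoformat()}"))
    return findings


if __name__ == "__main__":
    for user, msg in review(parse_log(SAMPLE_LOG), REVIEW_TIME):
        print(f"{user}: {msg}")
```

On the sample data this reports the nurse who opened a billing section, the billing clerk who opened psychiatric notes, two events from the deactivated account, and two sessions with no logout. The point is not the specific rules but that each of the three checklist items above maps to a query you can run on every review, rather than a manual read-through of the log.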
While this list is definitely not a complete account of everything HIPAA requires for patient data security, these suggestions are simple things you can do to help protect your patients’ data.