If your front desk is buried under piles of paper, it’s likely a HIPAA violation in the making. Why? The front desk is a mandatory stop for everyone entering your practice: patients, sales reps, delivery guys, and more. What kind of sensitive information could wandering eyes see? Here are a few scary scenarios:
- A computer screen with your schedule and full patient names
- Wi-Fi or EHR passwords written on Post-it notes
- Patient records with names, addresses, and social security numbers
- Keys to office areas
- Patient messages for the doctor
- Copies of patients’ health insurance cards
- Printed prescriptions
Even seemingly small HIPAA violations could land you in audit territory with the HHS Office for Civil Rights (OCR), and all it takes is for a patient or employee to report you. To keep your front desk out of the danger zone, Adam Parker, OD, who presented on security at SECO 2017, recommends taking actions like these:
- Look at things from the patient’s perspective. Stand and walk where your patients stand and walk. What’s visible?
- If you take notes or phone messages on paper, either turn them face-down or store them in a drawer until they’re needed.
- A ‘no cell phone’ policy for the front desk removes an opportunity for an unscrupulous employee (you did do that background check, right?) to photograph PHI. It will also ensure that your employees’ eyes are on your patients, not on Facebook.
- Never discuss one patient in front of another patient.
- Use a privacy screen for all computers. Privacy screens make it harder for passers-by to read an open screen containing PHI.
- If possible, make reminder calls (or other calls where PHI might be discussed) from the back office.