At our recent Ethics Committee meeting, our main topic was HIPAA and the seriousness of protecting the personal data of residents, children, staff, and facility.
This is a reminder to all Vincentian employees to report all potential privacy breaches. While many of us imagine breaches occurring through bad actors hacking into our system, the biggest threat comes from within. As stewards of protected health information, it is our responsibility to follow sound privacy practices. Remember HIPAA Privacy Standards mandate without authorization, resident PHI cannot be shared unless for treatment, payment, or business operations.
Research has shown that hectic workloads can lead to employee negligence and breaches. How many of us have sent an email to the wrong recipient or selected the dreaded “Reply All” instead of only emailing the sender? While these mistakes may cause mild embarrassment in normal business communications, sending emails containing protected health information to an incorrect recipient could be an unauthorized disclosure and violation of HIPAA. Any email containing protected health information must be encrypted.
Outside of electronic communications, HIPAA breaches can occur in hallways, elevators, cafeterias, and coffee shops. Talking about PHI in public spaces increases the risk of unauthorized disclosures. Instead find a private space to safeguard information or schedule a meeting in an office or conference room.
While most of our resident information is stored in electronic health records, Vincentian does receive test results and documents through faxes or mail. A printer/fax machine is another place to be diligent. Retrieve any documents containing PHI immediately. PHI must also be disposed of properly in a locked shredder bin.
Remember new methods of technology may not be HIPAA compliant. We should never text PHI. Instead use encrypted email or add a note in Point Click Care. Never share PHI on social media and do not take photos, videos, or audio recordings while on the job.
If you suspect a violation of HIPAA has occurred, you must report to Vincentian compliance officer, Katie Talerico at 412-926-6146 or ktalerico@vcs.org
Employees can always make an anonymous report by calling the compliance hotline at 1-866-435-2201 or online at www.mycompliancereport.com (use access ID “VCS”)
Remember protected health information should always be kept confidential, but breaches of information must always be shared with compliance!