The first thing you must do is take common-sense steps to protect patient information in your work area. HIPAA says you must "safeguard" patient information in your work area, so others won't come into contact with it. If patients or others see information that is not protected, they can file a formal HIPAA complaint.
Here are some "safeguards" you should take to avoid HIPAA complaints:
- If you see a medical record in public view where patients or others can see it, cover the file, turn it over, or find another way to protect it.
- If you must talk about patients, try to lower your voice and prevent others from overhearing the conversation. Where possible, you should hold conversations about patients in private areas.
- When medical records are not in use, store them in offices, shelves, or filing cabinets. Lock these areas when possible, especially after business hours.
- Remove patient documents from faxes and copiers as soon as you can.
- When you throw away documents containing patient information, you should put the documents in confidential bins for shredding.
- You should follow these safeguards as soon as possible. In the future, the government will issue HIPAA security rules that will tell you how to safeguard patient information kept on computers.
If you have questions about the safeguard requirement, please contact your supervisor or a HIPAA Privacy Officer.