The majority of medical offices today move their patients around the office to maximize time and flow. It is completely normal for a patient to move from the check-in desk, to the outer waiting room, to the inner waiting room, to the lab, back to another waiting room, to the exam room, on to various testing rooms, to chat in the doctor’s office, then to check out. At a minimum, that is seven stops for a normal visit! Every provider and manager should move through the practice, mirroring the patient’s route, to determine if each stop is HIPAA compliant. It is easy to overlook small breaches when setting up the flow in the office. See the practice through the patient’s eyes to help prevent breaches from happening.
Most practices have the outer waiting room under control. It is widely known that sign-in sheets are allowed, and that calling the patient by name is permissible. However, problems can arise at the check-in desk. Are stacks of charts visible to patients standing at the counter? Can they read the schedule the front desk is using to monitor patient flow? Stand on the patient’s side and look. What can you see? What needs to be turned over or moved from view? A great deal of information passes through this area. It is also highly visible to every person that comes into the office. Because it is extremely busy, it is often the spot that PHI is left where anyone can see it.
The layout of modern practices often includes workstations in the hall, near the “inner waiting area.” Patients are brought back to wait, and then the nurse moves to the station to look at charts or a computer. When you sit in this area as a patient, can you see what the nurse is doing? How easy is it to read the screen or chart that is open? When the provider is finished at the station, are they leaving behind items that contain visible PHI? Are they signing out of the computer so that nothing but a screen saver is visible? If the screen can be seen while in use, a privacy filter should be employed. No charts should ever be left within a patient’s site line. There is often not a lot to do, and looking at a readily available chart may appeal to some people as a way to pass the time. Even the most sensitive patient may glance at the name and any other stickers on the outside if the chart is where they can read it.
Many offices today do their own testing. This involves moving patients in and out of testing rooms with equipment. These machines often have their own data entered on patients, as well as computers. Sit in the patient’s chair. What do you observe? Is there anything within the patient’s reach if you leave the room and they are left alone? Keep in mind that screen savers or ways to shield testing equipment screens should be used.
Physicians often bring their patients into their personal offices at some point in their visit. When you sit on the opposite side of your desk, is there any PHI noticeable? There should be no stacks of charts, no schedules, no tests or results, and no communication from other doctors. There should also be a privacy screen on the computer and a screen saver should pop up whenever the computer is not in use. Don’t bring your patients in to put them at ease, and then show them that you are displaying private information for all to see.
Other problems are widespread throughout offices. Paperwork such as routing slips, charts and insurance information are left out. If you still use a system of charts on doors, make sure they are always turned around. Many practices post schedules at various spots around the facility to keep things running smoothly. Make sure that those are not where the curious eyes of patients can read them.
Wander around the office and just look. Observe what patients are looking at while they are visiting the restroom, waiting for lab work, or waiting in line at checkout. A great deal of the patient’s time in your office is spent sitting and waiting. Remember that fact when you are looking at how your office is handling PHI. What seems obscure to you may be obvious when a patient has nothing else to look at. Walk in your patient’s shoes to troubleshoot the spots where your staff is unknowingly exposing PHI and putting you at risk for a complaint. It only takes one patient noticing one thing. Be the patient and see what they are seeing when they move around your office. You may be surprised by what is slipping through the cracks.
Revolution Law Group is located in Greensboro, NC, and serves individuals and small businesses throughout the Triad and surrounding areas. To contact us please visit Revolution.law or call 336-333-7907.
The information included here is for informational purposes only, is not exhaustive of all considerations when creating documents, is not intended to be legal advice, and should not be relied upon for that purpose. We strongly recommend you consult with an attorney and do not attempt to create your own documents.