How Compliance Relates To PHI (Protected Health Information) In an Office Setting
What Everyone Should Know Regarding Protected Health Information (PHI)
Scott: Hey, TXCIN Nation. I'm Scott Bullington with IMS and thanks for joining us on today's edition of TXCIN TV. I've really been looking forward to interviewing this next person because every time I see her, I get a hug and a lot of good information. Today, we're gonna talk to Ruth Golden. Now, Ruth is a senior practice educator with the TXCIN Network. So when we come back, I'm gonna get that hug, and you're gonna get some information on compliance and how it applies to PHI.
All right. So I got the hug. Now, it's time for you to get some training on compliance and how it applies to PHI. Ruth, thanks for joining us today. And let's go ahead and dive right into the information that you have on compliance and how it applies to PHI in an office setting.
Ruth: Thanks, Scott, for having me here today. And I really would like to touch on a very important item that all offices should be aware of and that is the patient information is protected at all times within the office setting. And there are several of the most common violations for this. There's a list of them. And most offices don't realize that they may be out of compliance. So I wanna make sure that they're aware of the main ones that they work with on a daily basis, that they can protect and maintain that confidentiality of the patient information.
Common Violations for PHI
Scott: Okay. So there's, obviously, quite a few different violations that a office may encounter. And give us some examples of one or a couple are the most common and that we can act upon right now.
Ruth: Okay. I think probably the number one thing is patient information disclosure within the office setting. You may be talking to a fellow employee regarding a patient's care and you're not talking in a private area where that information may spillover into your waiting room. You have to use discretion when dealing with any patient information. Another one would be your computers. Are your computer screens protected? I would use a screen that protects that information where someone else cannot see it. And I think one of the most important ones would be the disposal of medical information. We all know we have to shred it. We can't just throw it in a trash can. It has to be taken care of properly. So you want to make sure your vendor that you're using, if you have an outside [SP] vendor, you've outsourced that, make sure they're in compliance, that they've signed a business associate agreement that they are going to protect that information, or get a vendor that will shred onsite. So you have to protect that information.
Scott: What is the one thing, though, that you think doctors can do to help their office be more compliant?
Top Issue For Compliance
Ruth: I think the number one thing to do, Scott, would be employee training. Most employees do not have an active role in HIPAA training and compliance training. And it's not of lack of information for them on their part, it was just not a policy or procedure that is documented and performed within that office. So I think every employee, every new employee, every staff member, every clinical administrative, clerical staff member within that office setting needs to go through a HIPAA security training. So I think the number one would be just to have a training session, and maybe make it an annual event where they have to sign off, and that goes into their employee record.
Scott: Okay. So if they need to do more training, are they gonna get the training through you or are there also outside resources that they can look for to utilize as well?
Ruth: There's outside resources. Most offices should already have a compliance policy already set within their office setting. And that's one of the guidelines for HIPAA compliance, is that every employee has that training and they're aware of how to protect that information.
Scott: Okay. So if they need to get a hold of you, what's the best way to get in touch with you? By email?
Ruth: Yeah, probably email. It's email@example.com.
Scott: Okay. Good stuff. Well, thanks for sharing all that with us. And, folks, I hope you really understand the importance of compliance when it comes to protected health information. This isn't just something that we need to be doing every once in a while or maybe it's important, maybe it's not important, it is one of the number one things that offices need to focus on. And if you have more questions about it, get in touch with Ruth at the email that she just gave you or you can get in touch with me, firstname.lastname@example.org, and we'll get someone with you right away. Again, we wanna thank you so much for joining us today. We look forward to seeing you again and keep the mission rolling.