Healthcare providers must take the same physical and security measures to safeguard the PHI we are entrusted with in our work.

Some best practices to follow:

  • Ensure your home wireless router traffic is encrypted and password protected.
  • Change default passwords for wireless routers.
  • Encrypt and password-protect personal devices you may use to access PHI such as cell phones and tablets.
  • Computer programs containing patient information should be closed and logged out of when not in use. Lock your screens when walking away from your computer.
  • Do not share sensitive PHI with others who shouldn’t have access, including co-workers and personal acquaintances.
  • Only access a patient’s record if needed for work.
  • Avoid printing PHI; however, if necessary, keep all PHI, such as patient paperwork, charts, and records, locked away and out of view.
  • Never leave patient information out where unauthorized persons may see it.
  • Minimize the ability for others to overhear patient information; for example, avoid saying a patient’s whole name out loud within hearing distance of others.
  • Do not allow friends, family, etc., to use your devices that contain PHI.
  • Limit email transmissions of PHI to only those circumstances when the information cannot be sent another way. At a minimum, use encryption tools (most businesses provide tools to send encrypted emails).
  • Never share passwords between staff or family members.
  • Immediately dispose of information containing PHI when no longer needed by shredding paper files.
  • Use a privacy screen on your monitor(s).

Take the time to review your organization’s HIPAA Privacy and Security policies. Work with your IT department to ensure your home office is HIPAA compliant.