Healthcare providers must take the same physical and security measures to safeguard the PHI we are entrusted with in our work.
Some best practices to follow:
- Ensure your home wireless router traffic is encrypted and password protected.
- Change default passwords for wireless routers.
- Encrypt and password-protect personal devices you may use to access PHI such as cell phones and tablets.
- Computer programs containing patient information should be closed and logged out of when not in use. Lock your screens when walking away from your computer.
- Do not share sensitive PHI with others who shouldn’t have access, including co-workers and personal acquaintances.
- Only access a patient’s record if needed for work.
- Avoid printing PHI; however, if necessary, keep all PHI, such as patient paperwork, charts, and records, locked away and out of view.
- Never leave patient information out where unauthorized persons may see it.
- Minimize the ability of others to overhear patient information; for example, avoid saying a patient’s whole name out loud within hearing distance of others.
- Do not allow friends, family, etc., to use your devices that contain PHI.
- Limit email transmissions of PHI to only those circumstances when the information cannot be sent another way. At a minimum, use encryption tools (most businesses provide tools to send encrypted emails).
- Never share passwords between staff or family members.
- When information containing PHI is no longer needed, dispose of it immediately by shredding paper files.
- Use a privacy screen on your monitor(s).
Take the time to review your organization’s HIPAA Privacy and Security policies. Work with your IT department to ensure your home office is HIPAA compliant.