Health Information Compliance Alert

Published on Sat Jan 13, 2007 PDF

Question: What should we be doing to protect PHI when we provide treatment in patients' homes?

Answer: Take some time to give your patients some suggestions for keeping their information secure. "We recommend that patients keep their files in a drawer or another place that's not open to everyone," shares Betty Bundul, corporate compliance director of HIPAA Security for Allina Hospitals & Clinics in Minneapolis.

Good idea: Use your notice of privacy practices to initiate a conversation on how to keep medical information out of unauthorized hands, advises Brian Gradle, an attorney with Washington, DC's Hogan & Hartson.

You can't always clear the room of your patient's family members or visitors, but you can protect yourself if and when PHI is overheard, Bundul notes.

Tip: Explain to your patient that by having other people milling around, his PHI could be overheard. If he refuses to clear the area, ask him to sign an acknowledgement form that states he is willing to accept that risk.

In the same vein, you should never discuss others' PHI in a patient's home, experts note. If you make or accept a phone call about another patient, "leave the room or limit what you say," stresses Lee Kelly, senior security consultant with Fortrex Technologies in Frederick, MD. "There's still a chance someone will overhear you, but you've done your best to protect the patient's PHI," he explains.

The only file you should have with you in a patient's home is the one you need to treat that patient, Bundle notes. Any other patient files should remain locked in a safe place like the trunk of your car, she says.

And if you're working from a laptop or other portable device, make sure you have only that patient's file open, Kelly concurs. That way, even in a worst case scenario, the only information that can be spotted by anyone other than you will be that of the patient you're visiting, he notes.

Remember:  When you use a laptop in patients' homes, you've got to take measures to keep the electronic PHI from inappropriate access.

Best approach: "Use password-protected screen savers," Kelly offers. And in the home environment, your screen saver should come on after five minutes at the most, he says.

Like your patients' paper files, when not in use, a laptop should be kept locked up -- whether in the trunk of your car or a closet in your home, he advises. "You want to keep it someplace where someone can't look in a window and see it," he furthers.

You can't control everything that happens in your patients' homes, but you can decrease the chances that your patients' PHI will be inappropriately disclosed, experts agree.

Plan of action: Ask a senior staff member to accompany a newer member on her first round of home visits to ensure patients are given enough information to keep their own medical data safe, Gradle recommends.

Best bet: If you can't go with your newer staff to each home visit, you could try including privacy- and security-related questions on your annual patient satisfaction survey, experts suggest.