Is it patient information?
In today’s busy office environment, where it is high priority to respond to patient requests as soon as possible, it is common for medical practice employees to text information to each other and to patients. Often, those text messages include patient information.
We can help your practice stay on top of the latest healthcare news, rules, regulations and trends. Subscribe to stay current and up to date on important matters that will impact your practice. (To subscribe to our blog click here).
When your employees use their personal phones to text patient information, they are creating one more threat to your practice. Not only do you already have to be concerned about company equipment and technology exposing data, but you now also need to worry about how employees treat their personal phones.
What can you do to prevent vulnerabilities related to employee cell phone use?
1. Establish a policy against personal cell phone use. Make it clear to your staff that they are never to use their personal phones to take pictures of patient information or send text messages containing private data, even to the patient. Stop this activity from the beginning with a clear policy against it.
2. Provide ample technology and equipment for your staff to do their jobs. It will be less enticing to just snap a picture and send a text when your employees have a scanner and computer available to send documents. Train all of your employees on how to use those machines appropriately.
3. Periodically audit your employees use of personal cell phones. Remind your employees about the policy against using their personal phones for data transmissions, but also encourage them to delete the pictures and texts that are already on the phones. Tell your employees to eliminate what PHI they may have on their phones, so that if the phones are stolen or accessed by another person, the PHI will no longer be accessible.
4. Involve your employees in developing technology policies and procedures. The best way to get your employees to buy into practice policies is to have them be part of the development process. What do they want in place to help hold them accountable? What equipment do they need to help them avoid the use of their personal cell phones?
We can help you craft and implement a customized HIPAA Compliance Plan that includes tailored policies and procedures to encourage appropriate and proper employee technology use. Contact us today!
We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mail box, click here to Subscribe.
P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.