HIPAA for Healthcare Workers

Healthcare workers have an obligation to adhere to the standards set forth by HIPAA. HIPAA for healthcare workers comprises of several components, most of which relate to patient privacy. HIPAA for healthcare workers is discussed below.

What is HIPAA for Healthcare Workers?

HIPAA for healthcare workers requires measures to ensure the confidentiality, integrity, and availability of protected health information (PHI). 

◈ Policies and Procedures. Each healthcare organization should have a set of policies and procedures in line with the HIPAA Privacy, Security, and Breach Notification Rules. These policies and procedures dictate the proper uses and disclosures of PHI, how your organization protects PHI, and procedures for reporting a breach.

◈ Minimum Necessary Standard. The minimum necessary standard is one of the most important aspects of the HIPAA regulation. This standard states that healthcare workers should only access PHI for a specific purpose. Healthcare workers that access patient records outside of their job function are violating HIPAA. This is why healthcare workers should only have access to the PHI that they need for their job.

◈ Responding to Patient Reviews. Businesses often check their online reviews to see what customers think of them. This goes the same for healthcare businesses. However, responding to patient reviews can be risky. It is a HIPAA violation to respond to patient reviews in any way that confirms that a patient is one of your organization’s patients. The only permissible way to respond to a patient review is with a simple “thank you” or “please call us.”

◈ Proper Use of Social Media. In an ideal world, healthcare workers would not be using social media while at work. It is unrealistic to think that workers will not use social media while at work. When a healthcare worker is using social media, it is a HIPAA violation to share PHI on social media without patient consent. This includes patient images, names, medical information (or any of the 18 identifiers of PHI). This applies to PHI even in the background of a photo or video. 

◈ Breach Disclosure. If you suspect that your organization has experienced a breach, or other HIPAA incident, you must report the incident to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). In addition, employees must have means to report an incident anonymously. 

How to Ensure Adherence to HIPAA

The only way to ensure that healthcare workers adhere to HIPAA standards is by training employees. Without employee training, healthcare workers are unaware of their obligations to HIPAA, and therefore cannot be expected to follow HIPAA rules. As such, whenever a new employee is hired, they must be trained on HIPAA basics and your organization’s policies and procedures. In addition, employees must be retrained annually as a refresher.