Healthcare Compliance - The People Problem

While it is vital to be wary of systems failures and criminal hackers, and protect against these threats to protected health information (PHI), the most common source of data loss in the healthcare industry is simple human error. The path to data disclosure can be as quick as mistyping a file name or clicking the wrong button.

Ensuring proper compliance standards and improving technology are necessary steps to safeguarding PHI and patient confidentiality, but equally important is addressing the People Problem. If you haven’t already, it’s time to establish a formal HIPAA training regimen.

Here are some best practices for training employees to follow proper procedures to protect digital PHI.

Conduct Regular Training for All Employees

HIPAA training shouldn’t just be an introductory course for new employee training. Include it in annual or quarterly refresher trainings, and expect all employees to participate. The training may be differentiated based on job title and responsibility, but a precedent should be set for all employees to share responsibility for maintaining proper policies and procedures.

Ensure All Employees are Fully Informed on How to Handle Violations

Even with regular training, people will make mistakes. Educating employees on how to respond to violations can lessen the impact of those mistakes. Employees should know the actions they should take, the chain of command to be notified and the contingency planning that should be implemented. It may also be beneficial to appoint a single point of contact for information and resolution.

Implement Information-Sharing and Mobile Device Safeguards

In this mobile communications era, data movement and file sharing are prevalent. Without proper measures in place, it is too easy for someone to end up with accidental access to data and PHI. Secure remote access to internal network assets with encryption and data loss prevention tools and strategies. To protect mobile devices, use password protection, tracking software and/or automatic disabling technology for business- and employee-owned laptops, tablets and smartphones that come in contact with PHI.

Regularly Review and Update Compliance Software, Processes and Procedures

All training and technology should be regularly reviewed to keep up with the threats, which are constantly changing and evolving. Providing a forum for lower-level employees to report comments or complaints may be a smart way to get feedback on how to improve systems before they become problematic.

At QTS, we understand that compliance can be a burden. However, it plays a necessary role in protecting both PHI and your business. Keeping employees informed and trained enlists their help and responsibility in creating successful patient outcomes.