From the January 2017 issue of HealthCare Business News magazine
Closely review advertisements
The health care industry is subject to deeper scrutiny than other industries when it comes to advertising. Those who work in the industry are held liable for both truth in advertising and HIPAA compliance. This means they have to be extremely careful about what they publish for all to see — especially when it comes to newer advertising formats, such as social media. If proper permission is not obtained, any use of a patient’s information or likeness in an advertisement could be a HIPAA breach. For example, if a dermatologist posts photos of a patient’s skin disorder, the patient’s identity could be compromised. Even if the post or advertisement contains only a portion of the patient’s face, his or her privacy could be violated if close friends or family members are able to determine identity. To avoid violating HIPAA security laws when advertising online, health care facilities should thoroughly evaluate all advertisements to ensure they aren’t improperly using identifiable patient photos or information.
Exercise caution when using open text fields
Ad Statistics
Times Displayed: 46200
Times Visited: 1302 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
In recent years, a large number of health organizations have moved their data collection efforts online, which means they are using online forms to gather appointment requests or new patient registrations. While using a HIPAA-compliant data management system is an effective — and necessary — way to protect patient data, a HIPAA violation is still possible if facilities aren’t careful. Online forms that contain open text fields can inadvertently lead to HIPAA security breaches. This is because patients may use that free text space to unknowingly share ePHI, such as current medications or medical conditions.
For example, when providing feedback on a patient satisfaction survey, a patient might state that her doctor was caring and supportive after delivering a breast cancer diagnosis. To limit the sharing of ePHI on online forms, health organizations can remove open text fields from their forms. Or, if total removal isn’t ideal, they can add disclaimers next to any open text fields to warn patients not to include personal medical details in those fields. As health care facilities continue to adopt technology into their patient care systems, it will be increasingly important for them to ensure they are remaining HIPAA compliant in all instances. Using HIPAA-compliant systems and tools can help, but it’s up to the facilities to identify and remove any compliance blind spots.
About the author: Chris Byers is the CEO of Formstack.Back to HCB News
