What can patients see on your reception desk?
|By: Brand Barney|
SEE ALSO: Snapshot of HIPAA and Healthcare Data Security
Check out this video for a 90-second summary of this reception desk HIPAA problem.
HIPAA violations on reception desksI’ve seen some pretty wild HIPAA violations from the viewpoint of both auditor and patient. The most common violations I see at reception desks are things like:
- Seeing the receptionists’ open computer with the day’s schedule, complete with full patient names
- Computer, EHR, and Wi-Fi passwords written on sticky notes, stuck to a computer monitor (in plain view to the public!)
- Patient records on clipboards by the keyboard and easily viewable
- Keys (probably to a back office) within arm’s reach
- Bulletin boards with new patient names and notes about patients
- Unopened charts which still identify name and address of patients
- Patient messages for the doctor written on a pad of paper next to the phone on the reception desk, and in full view
- Recently received faxes of health insurance data left in plain view on the desk
- Recently printed scripts left sitting on the desk in plain view
- Unshredded patient records thrown in a trashcan shared by receptionists and waiting room patients
- Patient charts placed in clear door chart holders, clearly viewable to anyone walking by
Even worse, what if someone with malicious intentions saw your Wi-Fi password so conveniently displayed on your desk, and decided to hack in and steal patient data? Do you have the technical measures in place to know if this has happened, or is happening?
Stopping reception desk HIPAA violationsReceptionists have tried to convince me that as long as the information is upside down to the patient, it’s not a HIPAA violation. That is false, and truthfully ridiculous. A quick picture of that upside down patient data can quickly be turned right side up, or even snatched right off the desk.
You can do a lot to mitigate the risk that your reception desk fosters, but the most important is employee training.Receptionists, doctors, and nurses won’t leave patient information in plain view on reception desks if they have extensive training explaining why. I truly believe that healthcare professionals care about the data that they are working with, but I don’t think that they understand how they impact the security of that sensitive data.
Here are some more ideas that will help you keep your reception desk free and clear.
- Stand where your customers check in, walk the path they walk, and see if you can see any sensitive information, in any form.
- Stand at the reception desk and try to locate any administrative information that might assist a hacker to gain access to your system (like your EHR password)
- If you ever write something on paper, immediately turn it over, or place it in a locked drawer
- Pull out your phone, put in on the desk. What can you take photos of? I always recommend that you have a no phone policy at the front desk policy.