Anyone can file a HIPAA complaint.
Seriously, per the U.S. Department of Health & Human Services, “Anyone can file a complaint if they believe there has been a violation of the HIPAA Rules.” This means that you’re open to complaints from patients, partners, and even employees.
One area of your practice where security matters most is your intake forms. Your organization uses these forms every day. Let’s look at eight ways that you can keep them secure and avoid HIPAA non-compliance.
1. Make your forms electronic
The average paper intake form takes more than 20 minutes to fill out. After they’re completed, someone in your office either has to enter information into the computer or file those forms in old-fashioned paper folders.
This isn’t just inefficient, but it also opens you up to security risks. Forms may start piling up on someone’s desk. They could end up in a shred pile that keeps building in a corner. This paper trail makes PHI easy to access for unauthorized individuals such as
- Other patients
- A curious family member
- Night cleanup crew or other staff
- Those seeking to profit from stolen PHI
Using electronic intake forms that patients can fill out while in the office or at home reduces this risk.
2. Enforce a password policy
Just because something is electronic doesn’t mean it’s secure. There are many ways a malicious or neglectful person could compromise the security of your intake forms. How can you make sure they stay secure?
It’s essential that your office has a clearly defined and written policy for managing passwords.
This should include statements on
- The complexity of passwords
- How frequently people must change them
- Instructions not to share passwords
- Instructions regarding Wi-Fi logins and use of unauthorized devices
- Phishing emails and other scams
- Use of other people’s logins
3. Install software updates in a timely manner
When a software company becomes aware of a potential vulnerability or risk, they release an update to fix the problem. The longer you wait to install this update, the longer you’ll be at risk. But often people will put off the update because they’re so busy. How can you stop this from creating unnecessary security risks?
You can use update tracking software to track employees who aren’t updating their computers. Give the employee several chances to update during a short window and if they don’t update, then you can send a forced update. Forced updates ensure that the needed update happens no matter what.
4. Only use HIPAA-compliant cloud storage
We’ve all heard about the nightmares where someone steals pictures that were saved on “the cloud.” This may make you think cloud storage is dangerous. But cloud storage can be just as safe as keeping something on your desktop computer.
Many of the familiar names in cloud storage, like Dropbox, Google Drive, and Carbonite, have HIPAA security options, including data encryption to protect intake forms as they’re moved to the cloud server.
It’s important to realize that simply opening up a Dropbox account doesn’t protect you from the more serious data breaches. You need a business account with HIPAA-compliant security and a business associate agreement (BAA).
5. Use online HIPAA-compliant intake forms
Waiting until someone is in the office to have them fill out a form can put your providers behind schedule and frustrate waiting patients. After all, most people will show up at their scheduled appointment time, which doesn’t give them any time to fill out an intake form.
This doesn’t have to be the case though. Because of all the extra security measures that cloud services and form websites have taken, you can safely send patients forms by email so that they can complete them before arriving for an appointment. This will ensure that your office runs more smoothly and that doctors get to spend more quality time with patients and less time reviewing forms.
6. Make security easy
The easier something is to use, the more secure it is. People don’t feel the need to print things unnecessarily, get friends to help, or leave documents open longer than needed.
When you use the right HIPAA-compliant intake forms, no technical skills are required. They’re easy for patients and your office staff to use, which helps prevent them from being misused.
7. Enable electronic signatures
It should be easy to sign HIPAA-compliant forms without having to print anything out. Printing, scanning, or faxing puts patient information at risk.
When choosing an electronic form provider, make sure that they offer electronic signatures.
8. Make them mobile-friendly
Your patient forms should be easy to view and fill out on any device. Around 50 percent of online traffic is now on smartphones. In some age groups, this rate is much higher. Making sure forms are easy to access on mobile devices will encourage more patients to use them and reduce the total number of forms you need to print.
Electronic intake forms that support modern practices
Intake forms can create a huge security risk for your practice if they aren’t properly secured. By following these eight steps and using a HIPAA-compliant electronic form provider, you’ll keep your practice safe and efficient.