Most people focus their efforts on the digital world when it comes to HIPAA compliance and Meaningful Use Risk Assessments.
Yes, the computerization of the medical practice is a huge drive in all of this, but the cave man style of running a practice can still poke its head out of the cave once in a while.
What sounds like a file box full of dental records was recently discovered in California. These records were not the actual dental records of patients, but the referral forms from a service called 1-800-DENTIST. Yet, these referral forms have plenty of PHI on them.
I can visualize the process now: over worked, under paid front desk worker receives fax from 1-800-DENTIST. Calls patient and sets up appointment. Puts referral form in a box.
Over a few years time this box is overflowing with paperwork.
One day the dentist sees this box and declares “somebody do something about this box of papers”.
“Somebody” then takes the box and puts it in their trunk. The box probably stayed there a good six months before “somebody” said, “dang, why do I still have this box in my trunk, I’ll just put it over in that vacant lot.”
So, how many pieces of paper with PHI on them float around your office?
- Do you have a patient sign in sheet?
- SOAP cards?
- Individual strips of paper?
- Maybe you use the adhesive label peel-off method?
All of these have consequences if not properly handled.
I know you don’t want to have a process that spells out what to do with “that piece of paper”, but guess what? You better.
Otherwise you could end up on a news report like the one below…and you really don’t want that.
A quick aside here: Dentists do not necessarily have to comply with HIPAA. But this doesn’t matter. There is a presumption by patients that medical professionals (YOU) will protect their information. It is also worth noting that it does not appear that 1-800-DENTIST is at fault here, but the dental office is.