Many practices prepare packets of information for patient use. Documents we give to patients will contain Protected Health Information (PHI). This may include discharge packets, admission packets, lab orders, requests for records, or other information sharing with patients.
Under the HIPAA Privacy Rule, each of us is responsible for the privacy and safety of patient information we manage. Here are some tips on protecting PHI in patient packets:
- Check your print job! Remember that multiple users may print on the same printer. Sometimes, one section of your print job will print, followed by another user’s print job, followed by the remaining sections of your print job. Review every page of the printed material you’re about to give the patient. Is all information for your patient?
- Be Safe: Assume printed material includes PHI. PHI elements can include patient demographic information, names, account numbers, addresses, diagnoses, billing information, and over 18 additional items of data. PHI is present on print jobs.
- Be aware of your print jobs. Print jobs should be picked up immediately and not left unattended any longer than absolutely necessary. When printing, retrieve the document immediately.
- Sort carefully. Assemble one patient’s complete packet, then work on the next patient’s packet. Avoid preparing multiple packets at the same time. This increases the chance of error.
- If a patient or staff member identifies that another patients’ information was accidentally included in a patient packet, retrieve the PHI, and alert your supervisor so you can work together to correct processes.
If you answered NO to any of the above, there could be a HIPAA Privacy concern. Correct the issue and discuss with affected staff – or contact us for a HIPAA Privacy consult!
Remember: The DHHS Office for Civil Rights (OCR) issues penalties up to $1.5 Million per year for inappropriate PHI management. Joint Commission (JC) also monitors inappropriate exposure of PHI.