Selfies, videos, and social media: Dancing with HIPAA regulation dangers in dental practices
Does your dental practice know all there is to know about HIPAA regulations? Suffice it to say that many practices believe they're in complete compliance, but there are many unknown dangers out there that could come back to haunt them.
If your practice is like many others, you’re doing the HIPAA compliance dance. You may not know all the moves, but you’re trying your best to follow along and get it right. And that’s the problem! There are SO many moves. There are hundreds of pages of rules and regulations that you need to know and understand. Most dental practices are so busy that it’s hard to find the time to handle this effectively.
Here’s some news to add even more anxiety to your hopes of getting it right. The Department of Health and Human Services Office of Inspector General (OIG) has recommended stronger oversight of the entities covered by the HIPAA Privacy Rule. This means that in 2016 DHS is stepping up their audits. These audits are imminent and practices will receive letters to advise them of upcoming audits. Practices may only have from 10 to 14 days to respond with the requested information. In addition, the focus will be on small practices as opposed to large health care systems. (1)
You may ask, what can be done to become prepared? Compliance is not an easy fix. There are seminars, including those given by Dr. Lorne Lavine, that can help you to assess your compliance level and learn what you need to do to ensure compliance. In addition, there are companies that you can contract with that offer guidance and solutions for HIPAA compliance. I work with Total Medical Compliance in Charlotte, North Carolina, and they gave me confidence regarding HIPAA compliance in the practice I managed for many years. I advise you to find a similar company or consultant who specializes in HIPAA compliance.
Many practice owners and administrators believe that their practice is compliant when, in truth, there are areas that are not. With guidance you will be able to spot these areas and deal with them appropriately. Here’s an example: A young child has his or her first dental appointment. Mom and dad are so proud and excited. Dad pulls out his cell phone and starts snapping pictures of this big event in his child's life.
This may seem harmless, but believe me, it is not! There are several dangerous situations that can develop when photos or videos are being taken in a dental practice setting. The first and probably most serious aspect of this is that it presents possible HIPAA violations. As photos or videos are being taken of a patient, there’s the possibility that other patients may be inadvertently included. These photos and videos are often shared through social media, and this can compromise those patients' privacy. In addition, staff members might be included in the photo or video, and this violates their privacy. There may also be times when a patient could unintentionally take a photo of another patient's file or other patient’s images displayed on monitors. As you can see, any of this can be very risky for a dental practice.
In addition, if a patient has a problem with a dental practice and has taken photos or videos, it’s possible the patient could use it out of context and post in on social media to try to prove a point. This could create a huge reputation management problem for the dental practice.
A third concern is allowing staff members to use their cell phones in the clinical or business office areas of the practice. Staff members who, out of curiosity or vengeance, snap pictures of patient data may use it in a way that hurts the practice.
So it is advisable that a "no photo or video" policy be implemented in dental practices. To implement this policy, a sign needs to be posted advising that no photos or videos are allowed due to patient privacy rights. In addition, if the practice has a website, this notice also needs to be displayed there. With regard to employees, this policy needs to be discussed with all staff members and be included in the practice policy manual.
Did these situations catch you by surprise as possible HIPAA violations? I bet some of you were caught off guard. HIPAA compliance is not just an owner or office manager responsibility. All staff members need to understand the importance of HIPAA compliance and how everyone can be compliant. Take my advice and seek some assistance so that you can confidently and correctly follow the steps to the HIPAA dance and avoid any dangers.
Marianne Harper is the CEO of The Art of Practice Management. Her areas of expertise are revenue and collection systems, business office systems, and training dental practices in dental-medical cross coding. Marianne is a well respected consultant, trainer, lecturer, and author. To contact her for a consultation or to invite her to speak to your organization, call 252-637-6259 or email firstname.lastname@example.org, or visit her website, artofpracticemanagement.com.
1.http://www.bobstechtalk.com/, accessed 01/18/2016