The healthcare industry uses its fair share of contractors at all levels. Using outside staff and services is a matter of convenience, and it allows the healthcare facility to focus on taking care of patients. It’s important that contractors understand that they are held to the same rules and regulations as the facility, including HIPAA. While incidental viewing isn’t something that’s punishable, leaving patient information out in the open is. Every contractor from IT to laundry services needs to follow HIPAA at all times in order to avoid fines. Following are three things contractors need to know to stay within HIPAA compliance.
What Information is Protected by HIPAA?
Protected health information, or PHI, is information that cannot be released without consent of the patient. Personal identification that includes the first and last name, address, phone number, and Social Security information falls under the definition of PHI. Conversations between physicians and patient are confidential as are prescribing and financial records.
The only people who are allowed to view PHI is the physician, nurses, and office staff. The information cannot be released to anyone outside of the facility unless permission has been granted by the patient. Any unauthorized release of information can subject the offender and the facility to fines.
Defining Who Is and Isn’t a Contractor
The general rule of thumb for defining a contractor is someone who cannot be controlled by their employer. That is, the employer does not take out payroll deductions and the contractor can come and go as they please. The other definition of a contractor is an outside agency that’s been retained to perform a service. Services can include cleaning of the facility, laundry services, document shredding, and more.
People who are paid a regular wage, have payroll deductions, and work on a pre-defined schedule are employees. They lose the freedom to come and go but gain defined benefits in the form of paying taxes and Social Security.
Both contractor and employee have to follow HIPAA at all times. It’s doubly important for a contractor to pay attention to HIPAA as they have more freedom to come and go, and can be considered a higher risk than an employee. A data breach that’s attributable to the employee or contractor comes with the same results: fines and potential for prosecution.
Creating a Plan of Action to Prevent Accidents and Leaks
The key to preventing problems is education. Make sure employees are familiar with HIPAA, and if not, make plans to educate them. Make sure that contractors are educated in HIPAA before working with them. If a contractor isn’t versed in HIPAA, don’t work with them until they can prove they are. The same goes with IT services and electronic health records. Always work with contractors who know their duties before they step foot in the facility.
Patient privacy is a serious issue, and one that everyone needs to keep on top of regardless of whether they’re a contractor or employee. Always stay on top of compliance protocols in order to prevent fines and protect sensitive information.
