Authors

  1. Dirubbo, Nancy E. APRN, BC, RNC, FAANP, BS

Article Content

There are many resources available to help you keep your practice Health Insurance Portability and Accountability Act (HIPAA) compliant and stay vigilant about protecting patient privacy. Most of this protection involves patient medical information and charts, be they paper or electronic. However, there are other ways you must protect your patients' privacy, specifically when it comes to identity theft.

 

Until just recently, many of your patients' insurance ID numbers were based on their social security numbers. Most major insurance carriers have stopped this practice, but the information may still be available in your patients' paper or electronic records. This information may also be present in inactive files that are not as carefully protected as other information in your office.

 

Crucial Questions

Now is the time to look at your practice for common security leaks and plug them up. Identify all the areas in which patient information exists or is accessible. Think about the location of all your computers, hand-held devices, and paper records. Are they ever left unattended? Do you have patients wait unattended in an exam room that has a laptop or hand-held device like a personal digital assistant (PDA)? Do you have a chart room where the door is left open or unlocked? Do you or any members of your staff take charts home? Does anyone have the ability to access your office computers off-site? Does your transcriptionist type at home and use his or her home computer?

 

Do you download or back up data on a disk, memory stick, or PDA? These items are small and can get lost. What about the staff member who brings home files or a laptop and leaves them unlocked in her car as she stops to get a few groceries on the way home from work? Are you starting to see how important it is to know how information in your office moves and how you need to be diligent in protecting it?

 

Other Common Leaks

Another common leak is the office fax machine. Where is yours located and who sees what comes in? What happens to any paper with patient information on it, such as sticky notes? How are you destroying paper information that is no longer needed?

 

Do you have a Web site for your practice? Do you send or receive e-mails from patients? You can use encrypted e-mails to safely communicate with patients, but remember that the information is stored on your computer even if you delete it. Have you ever had to upgrade any computers in your office? What do you do with your old hard drives? Some offices give them to employees. Just make sure you scrub the data from them first. You can buy programs to do this or consult with your computer support person. If you are going to throw away your computer, destroy your hard drive first.

 

Do you process credit cards in your office? If so, you must protect your patients' credit card numbers, too. Most credit card machines only display the last five digits of the credit card number on the receipt. Be sure yours does as well. We sometimes have patients call in their credit card numbers to pay on their account and we never write down the number. We input it while on the telephone with the patient, print a receipt, and mail it to them.

 

Look at the amount of paper you have in your office with any type of patient information. Can you get rid of any of it? Find out how long you need to keep records (you can ask your accountant and malpractice insurance carrier for guidelines) and destroy what you don't need. A cleaner office results in less loose data that can be stolen. Set up written standards and train your staff so that you can implement ways to fully protect all of your patients' information.