Articles Health

Is Your Practice, HIPAA Compliant?


Published on April 29th, 2019

Did you make your incoming patient feel valued after your front desk interaction with them regarding an appointment?

Why Should That Be Of Significance, You Say?


Because how your patient feels in your practice’s environment by interacting and seeking answers to the queries by your front desk department has a significant impact on your healthcare practice’s financial health and branding.

There is a reason why an increasing number of medical practice are opting for healthcare business process outsourcing so that a dedicated team entirely manages the financial aspect and they are better able to deliver quality care and treatment.

You might be wondering why invest in healthcare business process outsourcing when the front desk staff can be regularly trained to behave appropriately? Or your in-house billing office is adept in managing the revenue cycle process?

Because healthcare process outsourcing will be a profitable choice in the long run, compared to training. You will save considerable money and rest assured that your medical revenue cycle is managed efficiently, without any violations.

Yes, you might have set up a practice compliant with the HIPAA policies, but you wouldn’t even know, and your practice, front desk office, and staff might be violating the basics of HIPPA. As significant as the front desk office is, it is equally vulnerable to breach of the code of conduct, holding the practice accountable for the negligence, resulting in the issue of penalty.


Allow Us To Make You Aware Of Certain Situations And Ways In Which Your Practice Is Unknowingly Making Blunders And Violating HIPAA:

  • You might overlook it as a “not so big deal,” but your front desk office could be violating major HIPAA rules and someday might have to pay the penalty if inspected. Everyone entering the medical practice will first correspond with the front desk staff and what they see? A pile of patient’s file with the name in bold letters. Patient health information contains sensitive data and hence must not be visible or accessible to anyone other than those authorized.
  • Is your staff in the habit of using sticky notes to write EHR, patient’s message? Are the click board with the patient health record mentioned, visible to the passerby? PHI comprises of sensitive data that should be confidential and keeping them in public view is a HIPAA violation, and you would be penalized.
  • Are the patient’s record disposed of in the trash can without shredding them? This is a violation of HIPAA policies as it makes the PHI vulnerable to identity theft or the patient being prone to punitive damage.
  • Is the email for mass correspondence to the patient being sent without activating the blind carbon copy? This will result in patient knowledge of each other’s email address and additional private information, which is a violation of HIPAA policies.
  • Does your staff often use texting as a form of communication to sent common health related information like vital parameters for test results to the patient? This would make the sensitive information vulnerable to cyber criminals, thereby compromising with the HIPAA policies.
  • Is the patient’s chart with their health and other private information kept in the open? Anyone passing by or in the waiting area can take advantage of this and use the patient’s health-related and additional private information against them. Similarly, if the prints from fax/copy machine are viewable, you are making the PHI vulnerable and violating HIPAA.
  • Is your staff aware of the laws that decide which information is permissible or mandatory disclosure or do they share the information with the third party without understanding the consequences?
  • Does your staff do verbal check-ins or call the patients in the waiting room by their full name. Though accidental, this is a HIPAA violation when patine’s information can be overheard by unwanted third parties leading to reach of privacy.

HIPAA breach can cost you dearly. Depending on the level of the negligence been done, the penalty can range from $100 per violations to $1.5 million per year. In the worst cases, the person could end up facing criminal charges.


But There Are Specific Tips That Can Be Followed To Stay HIPAA Compliant, Such As:

  • Look and act from the perspective of every outsider be it a sales rep, patient, medication delivery representative. Walk around and see what is in the visibility?
  • Make it a point to not discuss one patient in front of another, even out of sympathy.
  • Ensure that any PHI discussion is made from the back office, so as to avoid alert ears from nose-diving into information that they are not supposed to be aware of.
  • Minimize the probability of any passerby to view public health information by using the private screen to shield the sensitive details from unauthorized people.
  • Make sure that the staff goes for HIPAA training once in a year, wherein they are made aware of updated HIPAA do’s and don’ts.
  • Make sure that a written policies and procedure manual comprising of notices, forms related to patient privacy is accessible to all and religiously followed.
  • Keep the patient’s health record locked in a safe and secure place which only authorized people know of and can access to.

While these tips are helpful, why risk being penalized by HIPAA when you have the option of healthcare business process outsourcing?

An effective option, outsourcing involves effective designing, planning, and implementation of comprehensive revenue cycle management strategies be it for claim denial management or insurance verification or credit balance resolution.

Understanding and accordingly strategizing for the intricacies involved in payer, hospital and provider relationship ensures that the practice is able to deliver quality treatment and care to its patient, adhering to the directing authorities rules and regulation and simultaneously staying financially sound.

It is important to note that when looking for a healthcare business process outsourcing company, look for those that have the confidence in them to offer you risk-free, no obligation, trial service. This indicates the credibility of the revenue cycle management company and also gives you enough options to choose from before handing out the cheque.

Focus on your patient and leave your practice’s revenue cycle management to the experts!