Because of familiar relationships that develop within home settings, I/DD providers may be especially prone to innocent disclosures of private health information that can lead to costly fines and unwanted publicity. Like ignorance, federal enforcers of privacy rules won’t accept innocence as an excuse. Currently, DD providers are among 364 organizations currently under federal investigation for privacy infractions.
Well-intended text messaging between staff members, Facebook postings and even casual conversations about a client’s health could result in unintended breaches. Because I/DD providers serve clients in home-like settings, these types of communications seem natural. As a result, DD providers face special challenges in training staff on how to protect each client’s privacy while maintaining a truly home-like environment.
One way to get the message across: Explain that privacy is expected within any family setting. That’s why bedroom and bathroom doors are locked.
Here are some tips on respecting the privacy of health information within residential settings:
- Post reminders in homes on the need to protect each person’s privacy — and make them colorful!
- If you are keeping paper copies of records in the homes, check to make sure those binders are locked up, and only accessible by staff on a need-to-know basis. A binder is likely to be loaded with private health information.
- Don’t assume it’s alright for individuals to take photos of each other. Make sure you have signed permission forms, either from residents or their guardians.
- Instruct staff to refrain from any engagement with residents on social media. Future posts will explain the risks and potential consequences. For now, explain to staff that not everybody’s mother and father, aunts and uncles participate in social media. It’s perfectly fine to be in a family environment where figures of authority opt out of social media activity.
About the author: Diane Evans, Publisher of MyHIPAA Guide, leads a team of HIPAA trainers and consultants who boil privacy practices down to good business and human-centered processes. Templates and training materials created by MyHIPAA Guide are intended for easy use by busy professionals who have many other things to do. You may contact Ms. Evans at email@example.com.