This website describes how to become HIPAA compliant (Health Insurance Portability Accountability Act, which is a federal law to qualify for medical coverage) for doctors’ offices and those in charge of handling patient health information.
Follow the telephone protocols. Some medical offices must have specific guidelines for information that is communicated over the phone. Certain individuals, such as health insurance representatives or family members may have authorization to request information from patients, but other people should be given only basic information that does not violate HIPAA.
Protection of work stations. A computer must always be blocked when the person using it is away from the desk. This is to prevent unauthorized use.
Protect documents such as medical claims and bills must be face down when the person who is responsible for them is off the table. Files should be kept in secure containers where they cannot be read by someone passing by.
Use trash cans and shredders for HIPAA documents. Some offices have color codes in trash bins, one for regular trash, apple scraps and chewing gum wrappers, and another set of cover container for documents. The documents that go in the safe boxes must go through the crusher every day. The garbage containers are emptied by the quartermaster staff at night.
Educate. A knowledgeable staff will be more adept at following HIPAA regulations, and they will know why they are doing it. Conversations about the laws are good and help to maintain agreements.