Scenario #1: Passing through a crowded check-in area, Nurse Olivia overhears William, the clinic check-in clerk, loudly telling a patient on the phone that they need a follow-up appointment because their Staph test just came back positive. Is William taking the proper precautions?
Answer: No! William should have spoken in a lower voice in order not to be overheard by the other patients, not disclosed the specific health test, and/or moved to a more private area prior to making the call. As an employee, you should always remember to disclose the minimum information necessary.
Scenario #2: A business associate for a medical facility left their laptop on the backseat of their vehicle. The laptop contained PHI files, as well as other personal information, and did not have a power-on password or encryption. When they returned to the vehicle, it had been broken into and the laptop was gone.
What should the BA have done?
A. Nothing, it was not their fault that the car was broken into and laptop stolen.
B. At a minimum, the laptop computer should have been password protected and additional security could have been achieved by encrypting the PHI.
C. Never use a laptop for work.
D. None of the above
Answer: B is the correct answer. The BA should have password protected the laptop computer, and an additional security step could have been taken such as encrypting the PHI to prevent unauthorized access.
The BA should immediately contact their Privacy or Information Security Officer and report the loss to their immediate supervisor. In addition, the company policy concerning the use, storage, and security of portable electronic devices containing PHI should be reviewed. This applies to all electronic mobile devices as well.
Interested in learning more?
Get more information about the HIPAA Awareness course here.