Patient Privacy and Home Care: How to Satisfy HIPAA Compliance Requirements On The Go
Patients are increasingly being cared for outside of hospitals – about 10,000 people turn 65 every day and many of them will need home-based healthcare. As a low-cost and outcome-based solution, home health is an appealing alternative to inpatient care in a hospital setting. And as more care is given in post-acute settings like home health, how can privacy and compliance officers ensure that HIPAA compliance requirements are met?
Benefits of home care
Home healthcare is on the rise – the Centers for Medicare & Medicaid Services (CMS) project that $108.8 billion will be spent on home health in 2019. Patients and families look to home care for numerous reasons, including:
- Reduced care costs
- Improved outcomes and patient satisfaction
- Patients don’t need to be in a hospital to monitor their health
- Physical and occupational therapy
- Home aides that assist in daily living activities like cooking and cleaning
“There’s nothing more powerful than great care in the home, delivered by someone who’s heart-centered and helps the patient take back control of their lives.” – John Driscoll, CEO of CareCentrix
Compliance concerns with home care
HIPAA compliance for home health comes with its fair share of challenges. Home health workers are highly mobile and travel across many locations – all while accessing sensitive data. As a result, monitoring ePHI access has become critical in those settings in order to maintain a culture of privacy.
Home care workers must know how to secure patient information while accessing, storing, or disclosing PHI through electronic devices. If a text message containing health data is sent via a publicly accessible cell phone network, it runs the risk of being intercepted by anyone who shares access. With this in mind, how can home care professionals keep sensitive information safe while on the go?
By taking measures like using secure text messaging apps that prevent texts from being sent outside a healthcare organization’s network and can remotely delete messages if a device is lost or stolen, home healthcare professionals can maintain HIPAA compliance regardless of location.
Securing patient data on the move
Sending text messages that include PHI isn’t the only risk – protecting patient privacy under HIPAA is an ongoing necessity, regardless of equipment and location. And home care practitioners have the added challenge of keeping data safe both within and away from a hospital or medical center. But there are ways of maintaining compliance while safeguarding sensitive information, including:
- Encrypting all health data
- Limiting access to medical records to users who are on a “need to know” basis only
- Locking devices with access to PHI in the trunk when travelling by car
- Taking caution to not leave devices with PHI unsecured when in a public location
- Installing screen locks and savers
- Keeping all devices that contain PHI locked in a secure place when not in use
According to IBM and Ponemon Institute’s 2019 Cost of a Data Breach Report, data encryption alone had the greatest impact on lowering costs associated with data breaches, saving organizations an average of $360,000 per breach.
Home care is a fast-growing facet of healthcare – as the population ages and healthcare costs soar, receiving care at home is a cost-effective solution that provides a level of independence that an inpatient stay at a hospital simply cannot offer. However, home care comes with the added challenge of ensuring that HIPAA compliance requirements are met while clinicians and their equipment are on the move. When laptops and other devices containing PHI leave the safety of a health system’s walls, it runs the risk of exposure to sensitive patient data. By taking precautions such as encrypting data and taking steps to maintaining the security of mobile devices with sensitive information, patients can reap all the advantages of home health, including the continued protection of their privacy.
“Home is where people want to heal.” – John Driscoll, CEO of CareCentrix