Whether as an owner or administrator in the home care industry or as a healthcare consumer, you’re undoubtedly familiar with HIPAA – the Health Insurance Portability and Accountability Act. Established in 1996 by the United States federal government, HIPAA created national standards designed to protect sensitive patient health information from being disclosed without the knowledge or consent of a patient. HIPAA compliance ensures that clients’ protected health information (PHI), including the information found in written and electronic records, is secured and only accessible to authorized individuals. Caregiver software, like our Rosemark System, has built-in safeguards that aid agencies with HIPAA compliance for home care.
While the information HIPAA is designed to protect is seemingly straightforward, it comes as a surprise to many in the home care industry that HIPAA compliance extends beyond client health records and care plans to marketing efforts.
Featuring a client’s story in marketing materials on your agency’s website and featuring it in social media are both obvious examples of when it’s important to have a signed release form on file. A release form indicates the client has agreed to have his/her story used for marketing purposes. Another instance where it’s critical to have a signed release form on file is if your agency is using photos of clients on your website, in print materials, or in social media. Even if a photo is unattributed, publishing the photo identifies the individuals featured in the photo as clients, which is considered PHI.
Beyond obvious examples of HIPAA compliance like these, it’s important for agencies to consider other sources of potential HIPAA violations, such as the following:
Website. Any part of your website that solicits information from site visitors can be a potential HIPAA violation. PHI pitfalls include forms that request addresses and phone numbers or that have open-ended boxes where site visitors might disclose the name and health condition of a loved one. Check with your website vendor to ensure all website form submissions are encrypted and that the site uses the SSL/TLS protocol (HTTPS).
Data collection tools. Marketing tools that collect information about site visitors, such as client satisfaction surveys, user experience tools, or even analytics tools, pose a potential risk for HIPAA violations. Speak with the vendors you’re using for data collection to learn more about how information is stored.
Length of time data is stored. Setting up internal processes to purge and destroy data, including client information, after it is no longer useful is an important safeguard. Consider setting up recurring quarterly tasks to remove outdated information and ensure that only current information is stored.
Team member access to data. All client information, whether health-related or not, falls under the HIPAA umbrella. Access to client information should be limited to only those staff members who are granted permission and who actually need to see the information to properly execute their job duties.
When home care agencies choose to partner with Rosemark, they can feel confident knowing that secure communication, data transfer, and compliance are fundamental principles built into our intuitive software system. Because Rosemark offers complete HIPAA compliance for home care, Secure Shell (SSH) password protection, data encryption, and 24/7/365 server security and monitoring, our clients can rest assured that their data is secure. With more than 30 years of healthcare and home care experience and innovation, Rosemark understands that data reliability is essential.
If you’re interested in learning more about the Rosemark System and would like to set up a no-obligation demo, reach out to us today via our online contact form or give us a call at (734) 436-2631. We’d love the opportunity to learn more about your home care agency and share information about how our intuitive and user-friendly software solutions can help you manage your most critical resources: people, payors, outcomes, and data.