Don't forget about HIPAA basics
Many practices and physical therapists find themselves in a new world working a lot more or maybe entirely from home, providing patients telehealth and Medicare E-visits. It’s important to note that telehealth is very new for PTs, OTs, and SLPs but so is work from home. Even other providers who may have been providing telehealth services would typically do so from their office. That means there are really two new changes – telehealth AND work-from-home (WFH).
Even if you’re not seeing patients in your practice, you could consider having staff come into your practice location to provide telehealth and e-visits from there. While some practices might consider this, many are having therapists offer these services from home.
A few basics on HIPAA best practices will help keep your team on track. None of these basics are terribly difficult to implement and are good practice anyways – especially so with more PTs doing WFH (work from home).
Make sure your WiFi is secure
Remember when you pulled that router out of the box and set it up? Hopefully you set up a password for it. If you did and your router is relatively new – you’re probably doing fine. If your router is very old or you have no password needed to log into your wifi network then now is a good time to get that done. The latest standard is still WPA2 (Wi-Fi Protected Access 2). It’s been out for quite some time and is the default on most routers; so, unless your router is ancient, you should be fine.
If you can’t remember how to check your router setup then you may have to reset it and set it up again. Just don’t do think when you have only 10 minutes to your next telehealth visit.
Conduct telehealth visits, calls, etc. in as private a location as possible
To the extent possible, conduct visits and calls from a private room. This is not just a good idea from a professional standpoint but can ensure that these conversations are not necessarily overheard by others.
Be mindful when calling patients by phone
These days most folks have a cell phone so you’re typically contacting a patient directly if you are calling by phone, but don’t assume this is always the case. When the phone is answered make sure to take a moment to verify that you’re speaking to the actual patient directly prior to offering any details about visits or care.
Do not save passwords in your web-browser
Many web-browsers offer you the ability to save passwords as a convenience. Don’t be tempted. Keep your password in mind, where it belongs. If you’ve saved a password for your EMR in the past, change it to something new and clear out any saved passwords.
While you’re at it, it’s a good idea to have a password for your computer or tablet as well.
Avoid or minimize printing
When you’re at your practice, you likely have a setup for shredding of documents including a shredder and a location to place paper that is ready to be shredded. You may or may not have a shredder at home so it’s a good idea to avoid printing. It’s a good time to work on screen only.
Make sure your computer is up to date
Computers, tablets, etc. all have updates from time to time. These new updates can give you new features but may also contain security updates, too. Make sure your computer is up to date. Most computers and devices can install updates automatically, overnight. That’s always a convenient way to do it.
By extension, don’t forget to stay off of outdated devices that are no longer receiving updates. For example, Windows 7 updates were discontinued recently. That means, by definition, a computer running Windows 7 can no longer be HIPAA compliant.
Last but not least, web browsers are also updated regularly. Most do it automatically but make sure you’re accepting those updates.
Run an anti-virus/malware program
Have your virus scanner set to run regularly. Most major platforms like Windows and Mac have a built-in program for this purpose. It may even be set to run automatically already. Just give it a double check.
The Bottom Line
If you find yourself in the new world of working entirely from home and aren’t used to it, just keep HIPAA basics in mind and you can keep on track in this dynamic new environment.