If it feels like there are a lot of gray areas when it comes to managing privacy and security, you’re not alone. Never fear! There are certain best practices you can implement to mitigate risk and stay compliant with privacy laws.
Stay On Top of Standards & Security Measures
During Jane’s recent Data Privacy Webinar, Irnise Williams chatted about the importance of setting standards and security measures. A nurse for over a decade, as well as a lawyer specializing in healthcare, data privacy, and HIPAA compliance, Irnise is uniquely qualified to speak on this topic. She suggests the following:
- Never leave your devices unlocked or unattended. Otherwise, you open yourself up to the possibility of a “crime of opportunity.” Make sure to limit the potential of anyone gaining unauthorized access as much as you can.
Pro tip: Auto-lock your device when it’s not in use as an added layer of protection.
- Using your mobile phone? Create rules that make sense. Decide whether you and your staff can use your personal cell phones to communicate with clients or each other. If you decide to use your personal phone over a business phone, clearly define what information can be exchanged this way. Finally, make sure to have a plan in place for retrieving the information in the event a staff member leaves your practice.
Pro tip: Consider using cloud-based systems or messaging services to avoid storing information on individual devices.
- Run through your crisis plan. Once you have set your policies and procedures, the next step is training your staff. A great way to make sure everyone knows what to do in the event of an emergency, such as a breach, is to practice the steps you’d take in such a scenario.
Identify when and how you use electronic communication
It seems like a given that you’d use texts and emails in some capacity in your practice.
But are there cases when you should opt out? Sharon Vanin, a healthcare lawyer turned holistic nutritionist, joined Irnise to share when you shouldn’t rely on technology.
Avoid communicating electronically when:
- There’s an emergency: Email and text may involve a delay that is unsafe
- The information relates to sensitive situations: For example, if a client is at imminent risk of harm
- There’s a possibility an email or text will result in a misunderstanding: Take into consideration who you’re talking to – some people may rely on non-verbal cues for context
- There’s a likelihood that you can’t maintain confidentiality
- It feels like a boundary or undue administrative burden: For example, it can add stress if you, as the practitioner, feel you need to be on-call. Remember to always set expectations for when you’re available.
- The client doesn’t consent
Pro tip: Allow clients to check off which type of electronic communication formats they consent to as part of the intake process.
Stay compliant with privacy laws: Have your resources nearby
Part of staying on top of privacy and security is knowing where to find the answers when you need them. Here are a few resources you can reference when you’re building your policies and procedures, doing your annual security training, or whenever you need a little refresher.
- Originally created for Jane staff members, Jane’s Security Awareness Training is filled with actionable tips anyone can use, from proper password hygiene to the ins and outs of malware protection.
- Based in the US? Reference our practical guide for complying with HIPAA
- Based in Canada? Check out the following resources:
- Learn directly from the experts by watching the following webinars: