Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Daily eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!

Traps to avoid: Giving ex-practice employees access to PHI

Your medical office staff understands the imperative of safeguarding personal health information (PHI) and wouldn’t let strangers roam about the facilities freely. But it’s easy for them to lower their guard when a former employee comes back to the practice, e.g., to pick up a final paycheck or just make a social call. Ex-employees are a common and virulent privacy threat, even when they leave on good terms. Many a practice has learned this truth the hard way after PHI was compromised by a former employee returning to the scene.

Problem: Ex-employees pose greater privacy risks

While ex-employees may look like a familiar face rather than a data security threat, they pose serious privacy risks precisely because they are so familiar. Their familiarity literally opens doors that are firmly closed to strangers. Moreover, their familiarity with your practice and its physical facilities, computers and IT systems empowers them to quickly and easily access the PHI you keep. Just allowing the person to walk to an ex-colleague’s work station without escort may be ample opportunity to compromise thousands of records.  

Solution: Treat ex-employees like strangers

Chances are, your medical office policies already provide for excluding access of all ex-employees to PHI, including those that had full access when they were employed by your practice. But it’s also important to remind reception and other public-facing staff of this policy lest they get lulled into a false sense of security or just feel flat embarrassed having to keep an old colleague away from PHI like some kind of common outsider. Here’s a Model Memo you can adapt to deliver that vitally important message.

Editor’s picks:

The 5 Most Common HIPAA Mistakes In 2018 & Simple Ways To Avoid Them In 2019

HIPAA Refresher: Is your practice on top of NPPs?

8 steps to quickly and (almost) painlessly creating an employee handbook tailored to your medical office









Try Premium Membership