5 Simple Ways EMS Agencies Can Improve Their HIPAA Compliance:
- Shred it and Forget it. Most of those paper records you have floating around in offices, garage bays, and storage rooms can be scanned, saved and shredded. Storing patient records electronically on a secure server can greatly reduce the risk that your records will be lost, stolen, or accidentally tossed in trash.
- Engage Others to Make Sure Patients Get Your NPP . You know that document that you’re supposed to be giving out to patients about their privacy rights? It’s called the Notice of Privacy Practices or “ NPP ” and most agencies aren’t “doing it right.” You can ask facilities, your billing company and others if they will follow up by handing or mailing out a copy of your NPP to your patients.
- Have, “The Talk” About Sharing. Just recently, two EMS providers were arrested in connection with taking selfies and videos with patients as part of a “selfie war.” There are plenty of stories out there just like this one, where providers improperly shared patients’ information. Show these stories to your staff members and make it clear that your agency does not tolerate such behavior.
- Make a List, Check it Twice. One of the biggest thing EMS agencies fail to do under HIPAA is a “risk analysis.” A risk analysis can be as simple as making a list of where patient information lives at your agency and identifying what you are doing, or could be doing, to protect it.
- Make Sure Your Privacy Officer is Certified. One of the most effective safeguards against HIPAA violations is having a Privacy Officer who knows the law and how to deal with EMS-specific HIPAA challenges.
The Certified Ambulance Privacy Officer (CAPO) Course is the nation’s first and only HIPAA compliance certification for the ambulance industry!
