All businesses that obtain and maintain healthcare information must provide the highest standards to protect the information from accidental or deliberate misuse or disclosure.

• New patient information is verified with a driver’s license or state issued ID.
• Insurance information is verified with a driver’s license or state issued ID
• Credit card transaction is verified with a driver’s license or state issued ID
• Third-Party Disclosure

Patient information is disclosed to third-party entities for the following purposes only,

• For treatment
• To obtain payment for treatment
• For healthcare operations

Control Accidental Disclosure - work practices that reasonably prevent accidental disclosure must be exercised at all times.  From a simple procedure of covering protected health information to locking-up unattended filing cabinets, to being aware of the surroundings when discussing patient information is vital.  In addition, patient’s protected health information should never be discussed out-side of work under any circumstances or for any reasons.

Restrict the use of Patient Information - the patient’s protected health information (PHI) must be used for healthcare related purposes only.

Apply the Minimum Necessary Rule – the concept of the “Minimum Necessary Rule” is that the very minimum of protected health information (PHI) be used, accessed or released for any purpose or task even if an exception is permitted.

No Marketing Activity – at no time protected health information may be sold or transferred to any third party for the purpose of marketing activity, whether for profit or not, or to introduce a person, business, product, or service.

Control Electronic Transmissions – prior to transmitting protected health information (PHI) on electronic devices such as computers, fax machines, voice mail, and telephones, it must be determined whether it is secured and if confidentially will be maintained and not compromised.

Control Discarding Protected Health Information – all documents that contain protected health information (PHI) when discarded must be shredded or destroyed, to prevent disclosure.  At no time documents containing protected health information are discarded if confidentiality will be compromised.

HIPAA and Patient Information Security is achieved only when employees are well trained, well informed and apply what they have learned.

After hours phone message must provide clear and complete instructions to the caller. The message should include the following,

1. The hours of operation
2. How to leave a message
3. In case of a medical emergency hang-up and call 911
4. How to contact the doctor in case of a dental related emergency
5. How to contact an on-call doctor when the doctor is not available.