Jan Elezian on Privacy Walk-Throughs [Podcast]


By Adam Turteltaub

Having all the privacy policies and procedures in place is one thing. Having them practiced is another, and that’s where a privacy walk-through comes into play.

Jan Elezian (LinkedIn), Director Healthcare Provider Practice, Revenue Cycle Compliance, Regulatory Compliance at SunHawk Consulting, explains that the walk-through is a test of a facility’s privacy and security environment. It includes a tour of high-risk areas – registration, patient intake, wherever else PHI is accessed – to see what employees are actually doing. It can be used to identify how your administrative and technical safeguards are working in the real world and determine where they need to be strengthened.

Before beginning the walk-through, she recommends putting together a checklist of what you will be looking for.  Leave room for taking notes, and hold onto it. That way, when you return for a subsequent walk-through you can easily see how things have changed for the better and worse.

What should you be looking for? A variety of things including:

  • Is staff wearing badges?
  • Are visitors escorted it?
  • Are security reminders posed?
  • Are printers improperly secured?
  • Have papers piled up on the printer?
  • Are privacy practices posted for patients?

Two other things to check for: fire extinguishers and smoke detectors. HIPAA requires safeguards on PHI, she points out, and that includes safeguards against fire.

After you have done your visit she recommends developing a post-assessment remediation plan. There inevitably will be corrective actions needed. Be sure to include follow up steps and dates when the work will be completed.

All this effort will help create a more secure data environment, and give management, the compliance committee and board  greater confidence in your program.