Smartphones Put Pharmacies at Risk for Inappropriate PHI Disclosures

PAAS National®’s Fraud, Waste, and Abuse and HIPAA compliance program updates for 2020 included a new section: 11.11.5 Audio, Video, and Social Media (see our February article FWA/HIPAA Compliance Program Changes for 2020). Smartphone utilization has, unfortunately, become pervasive with patient interactions. Patients on their phone while trying to consult on new medications, or a patient snapchatting a friend while waiting for their prescription to be filled is all too common.

Pharmacies need to develop 

Become an audit assistance member today to continue reading this article. As a member, you’ll have access to hundreds of articles and receive our monthly proactive newsletter!

and enforce a policy to mitigate inappropriate protected health information (PHI) disclosure risk given the tendency for patients to have their phone accessible at the pharmacy counter and in the patient waiting area. It is the pharmacy’s responsibility to safeguard the PHI of patients, which can include audio/video recordings by someone other than the patient. Staff awareness and training become a critical component to enforcing these policies and handling them with tact.

Discovering a PHI breach occurred through an audio/video recording needs to be documented appropriately and handled swiftly. A patient, or customer, who obtains another patient’s PHI through inappropriate methods [in the pharmacy] should be banned from the pharmacy and, if PHI was posted on social media, requested to remove the offending content. Should they refuse or fail to act promptly, reaching out to the social media platform to request removal of the offending breach would be prudent. These efforts need to be documented thoroughly in an incident report.

See the full list of 2020 FWA/HIPAA changes with additional updates on the PAAS Portal. PAAS works tirelessly to keep you one step ahead of the game and in compliance.

PAAS Tips: 

  • Confirm your HIPAA compliance program is staying relevant
  • Ensure employees are adequately trained on HIPAA to mitigate risk (see our eNewsline for an OCR fine that cost a provider $10,000)
  • Compliance programs offered through an entity affiliation may not be the best choice to protect your pharmacy.

PAAS Audit Assistance members can view the full article on our eNewsline.

Trent Thiede, PharmD, MBA