Make HIPAA work for you: Take a customer service approach for better public relations

CLICK to Email
CLICK for Print Version

Every time a patient asks a question about HIPAA, your staff members have an obligation to answer correctly and in compliance with the regulation. HIPAA requires accuracy, but providing that alone is a missed opportunity for your facility. With a bit of extra effort, your staff members could significantly improve your facility’s public image by stressing why you comply and how you are constantly working to protect patient information.

“I can’t think of the last time I walked into a healthcare provider’s office and had them tell me how great they are at keeping my information confidential,’’ says Lori-Ann Rickard, JD, a healthcare lawyer for Rickard & Associates, PC, in St. Clair Shores, MI. “They hand you a Notice of Privacy Practices (NPP), and that’s it. But there’s so much in the news now about privacy . . . I think there are great public relations possibilities in that. You have to do it anyway, and it doesn’t cost you anything extra. You’re providing a service; why not get the [positive public relations] out of it?’’

Change how your staff thinks

How can you convert routine questions into opportunities to promote your institution? For starters, make sure that your staff members are following all of the HIPAA rules and understand the regulation well enough to answer questions correctly. Then teach them to go a step beyond mere accuracy, and explain to patients why you follow these rules and how it helps protect patient rights. 

Rickard recently went to a provider who asked her to sign an acknowledgment that she’d received an NPP, without actually handing her the notice. Such glitches don’t help your image, and you need to train staff to avoid them. But take the time to go a step further. Have your staff members add a simple explanation about how the NPP outlines all you do to protect patient confidentiality. 

“Nobody ever pitches it like that,’’ says Rickard. “The office staff just think of [HIPAA] as one more thing they have to do.’’

To change the mind-set of your staff members, you may want to refocus your compliance training so that you emphasize the benefits of good security and privacy procedures. 

“If you train your employees as if [HIPAA] was just one more thing they have to do, who’s energized by that?’’ asks Rickard. Instead, try emphasizing that HIPAA is good for patients and their privacy needs. Your staff members will respond far better, she says. “People like to work in a place where everybody’s talking about good service as opposed to a place where everybody’s yelling at you to do extra work for no apparent reason.’’

You should also stress the customer service aspect of HIPAA rules, says healthcare attorney Norbert Kugele, JD, of Warner Norcross & Judd, LLP, in Grand Rapids, MI. A common problem in hospitals is the tendency for staff members to be overly cautious when patients or their families ask for information, for fear of violating HIPAA. Even when the regulation allows them to communicate information to a patient’s family and friends, they may choose not to do so. Spend time training staff members about how and when they can safely give out information under HIPAA, says Kugele. Affirm how important proper disclosures are so that your staff members don’t unnecessarily and unfairly restrict information. 

“I often see hospital [employees] who aren’t properly trained on how much information they can share,’’ says Kugele. “Sometimes there’s a knee-jerk reaction not to share anything with anybody. But [staff members] will be more satisfied if you train them to understand the rules and share information appropriately. Everybody should understand the rules, not just your HIPAA officer.’’

Differentiate between HIPAA and other laws

You also want to monitor closely how your staff members respond to inquiries for information that isn’t protected by HIPAA. Sometimes staff members use HIPAA as a blanket excuse for whenever they can’t—or won’t—give out information. Even when they may actually be following a state law or hospital procedure designed to protect the patient, your staff members may blame HIPAA. Be sure to train them to explain accurately why they’re denying a request for information or requiring paperwork or some other safeguard before releasing information, Kugele says. 

“Don’t blame HIPAA for everything,’’ Kugele says. “I don’t think it’s a bad thing to say that your hospital has privacy policies and procedures that it follows. Own up to them and explain them. Patients will react better.” 

Plan ahead for common requests

It’s also important to make sure that you have procedures in place to deal with routine requests covered by HIPAA rules. This may include patient requests to opt out of a facility directory or to not disclose information to a certain person. Train your staff members to manage common requests appropriately and in a timely fashion, Kugele says. This doesn’t mean you have to agree to every request, but you need to respond promptly either way. This can be more complicated than it sounds, because patients may make requests of anyone who enters their rooms, such as an aide or maintenance staff member who doesn’t normally handle such requests. Make sure that you train all staff members who may have patient contact in how to communicate requests to the right people. 

You need to train aides not only in what they should do when they get requests—who they should communicate the request to and how they should follow up—but also why it is important that they do so, says Kugele. 

Properly processing and fully responding to requests will inevitably lead to improved patient satisfaction and help improve your facility’s image, Kugele says. To accomplish this, you’ll need to tailor your training for each department so that every staff member knows how to manage the specific situations he or she may face—not just from a compliance standpoint, but also from a customer service standpoint. 

“A lot of HIPAA training is very high-level—it’s about what HIPAA requires,’’ Kugele says. “It doesn’t drill down to what the regulation means to the nurse or the nurse’s aide dealing with patients in their hospital room.” The proper response for staff members may vary greatly based on their roles. A patient’s nurse will need to respond quite differently to a request than a lab technician who happens to be passing through, says Kugele.

It’s also a good idea to establish ongoing staff training that focuses on both HIPAA requirements and the customer service angle to reinforce your message, Kugele says. It can take some reinforcement before you get your customer service point of view across to your staff members. 

Develop procedures and train staff members to head off common patient misunderstandings that can create bad feelings, says Rickard. For example, it’s become common for parents to send children to a physician accompanied only by a babysitter. But parents may not realize that the physician can’t release information to the sitter without authorization. You may want to explain to parents why you can’t give unauthorized information to a babysitter. Then take the opportunity to create a procedure to accommodate everyone’s needs. 

Another example is elderly patients who wish to keep some of their children informed about their conditions but not others. You may want to ask all patients to fill out a form on their first visit authorizing you to share information with individuals of their choice. Then create an office procedure to make sure that staff members review those forms before contacting patients’ families. 

Explain your procedures

Patients may misunderstand what information you can give out, says Rickard. “It really helps to explain. Tell them that you are doing everything for their protection, and make sure the office follows through on their wishes,” she explains. Otherwise, patients just feel like you are making them fill out yet another piece of paper, she says.

Make sure you have set up good internal procedures, Rickard adds, so that you follow through on what you’ve promised to do. If you make people sign a form authorizing the release of information to certain relatives, have your office staff check that form before giving out information over the phone.

It’s also important to have sound procedures for managing complaints in a timely, professional fashion. Make sure that you’ve trained staff members to talk respectfully with patients, families, and friends. Investigate any complaints they may have, and get back to them quickly so they feel that you are taking them seriously, Rickard says. Don’t be afraid to apologize. 

“I’m always a big fan of honesty and being up front,’’ says Rickard. People appreciate it when you deal with them fairly, he adds.