If you work in a medical, health, or insurance office, then you are well aware of HIPAA Regulations that protect patient health information. Prevention and proper training is the greatest step you can take in minimizing any risk of information leakage. These measures range from proper document disposal to email protocol. Even when it comes to designing your office, there are several HIPAA-compliant features you can integrate into your layout.
 

It’s important to know the best practices for complying with HIPAA regulations, but have you thought about your office layout? An open office design can lead to accidental HIPAA violations, especially if you still rely on physical filing cabinets. Read more about the importance of HIPAA regulations to your office’s design below.

Why Your Office Design Should Be HIPAA-Compliant

The requirements laid out by the original Health Insurance Portability and Accountability Act of 1996, all subsequent amendments to HIPAA and any legislation with a direct influence upon HIPAA — like the Health Information Technology for Economic and Clinical Health (HITECH) Act — determine HIPAA compliance. Certain HIPAA requirements rely on the legal interpretation of vaguely worded clauses. These evasive clauses make HIPAA regulations apply universally to protected health information (PHI), regardless of the Covered Entity or Business Associate involved.

HIPAA and office design work together for:

• Secure record keeping: Confidential records must be out of sight of clients and their families.
• Access limitations: Third parties should be restricted from areas where private information is stored.
• Contingency plans: The integrity of HIPAA needs to be maintained even during an emergency. The layout of your office should also have easy access to emergency exits for maximum safety.

HIPAA-Compliant Office Design Features

A HIPAA-compliant workplace design protects patient privacy. Below are some common features of many offices and adjustments you can make:

1. The Reception Area

Your reception area is the first impression of your office and should be a warm, welcoming space. However, reception desks without privacy boundaries create HIPAA risks when waiting patients can hear private conversations or see private documents. Invest in a soundproof barrier to place between the waiting room and reception area to avoid privacy issues. The clear barrier will give the illusion of an open space, while maintaining privacy between a patient and a receptionist.

Other ways to make sure your reception area complies with HIPAA include:

• Space out your open office: A popular, contemporary style has the desk sit between an open window into the reception room. An open-concept office does succeed in creating a welcoming atmosphere with the desk in a highly visible position from the entrance. You want to make sure the reception chairs are far enough away from the front desk to maintain privacy. Arrange the reception desk to make room for multiple scheduling stations, which will help reduce traffic during peak hours.
• Install sound barriers: To ensure an open desk complies with HIPAA, install fiberglass sound barriers behind it to mute conversations between the entering patients and your receptionist. The ceiling can be treated with acoustical plaster, which looks similar to stucco.
• Install privacy shields: Place more fiberglass panels around the counter to shelter patients making appointments. The reception area, where clients sit while they wait to be called back, should have a decent degree of soundproofing and visual cover. The alcove effect limits the waiting patients from overhearing conversations at the desk. For adjacent scheduling stations, install panels between them using clear or frosted plastic or fiberglass.

2. The Consultation Station

If the station is placed in a private room near the front reception chamber and the operation rooms, your office will save time when each patient can be moved quickly from one room to the next. Other ideas for a HIPAA- compliant workplace design at consultation stations:

• Place a stand-up consultation station in a hallway that leads to the operatory.
• Make the station semiprivate and spaced away from the on-deck areas. 
• Keep your workstations away from high traffic areas. Ideally, install cubicle walls that will create a privacy barrier between each station.

3. Patient Photo Displays

Before and after photos are popular advertising in many offices. Patient photos are considered PHI, and if you wish to display them for other patients publicly, you must obtain consent for the specific usage. Even if your practice displays the pictures on a computer monitor, television or another electronic device, you must get patient consent to use them.

4. Chairs in the Operatory 

For an open-bay operatory, place the chairs several feet apart to comply with social distancing and space regulations. You can include privacy panels between the chairs, but these are unnecessary for HIPAA compliance. Install another panel between the patient chairs and the treatment area for more privacy.

The disadvantage of panels and curtains is that other patients can generally hear conversations behind them. They require space to be effective. The Americans with Disabilities Act (ADA) asks for 32 inches of space clear of the separate adjacent chairs separated by the privacy panel. If you place a narrow panel between the chairs, you must move the chairs several feet apart.

Additional square footage makes incorporating privacy panels between chairs less practical for smaller offices.

5. Delivery Cabinets

You want to be careful when selecting delivery and chairside cabinet systems. During office hours, your cubicles or private offices may provide enough privacy for your employees. However, information loss or exposure can still happen after they leave for the day. Invest in fireproof filing cabinets that come with a lock and key for a complete security system even in the event of an emergency.

Ensure your staff knows to avoid leaving any files in plain sight where patients can see labels with first and last names or paperwork from inside a file.

6. Computers

All mounted computer screens that display patients’ personal information should stay out of sight of operatory traffic and adjacent patients. If needed, you can add a privacy screen over the monitor.

Computers on side-delivery cabinetry are usually set up to face the patient, but this also means they face anyone who passes in front of the monitor. This design is less than ideal and should be updated. An upgrade to modern technology might include a secure tablet or a smart device that staff can slide into their lap and place face down on the counter while idle.

Position your computer away from traffic or anyone other than the user. Invest in computer monitor filters or protectors that guard your screen from prying eyes. Most importantly, remember that a device containing PHI must be secured and must remain inside the office.

Upgrade Your Office With Arnold’s Office Furniture

Did we answer your questions about the best practices for fostering a HIPAA office design? Learning how to create a HIPAA-compliant office is an ongoing process for many business owners. Arnold’s Office Furniture can help you modify your office design to create a HIPAA-compliant layout. Contact us to learn more.