The Hidden Risks Of Your Office Staff

office staff security Feb 18, 2019

You trust your staff.  And you should, ... to a point.

There is a lot of trust that is needed in an office setting, otherwise, you would have to watch over everything that was done, by everyone. That simply can't be done effectively, nor should it.

But there are still items that your staff simply should not have access to. It's not that hard to take control over various items in the office that can get you into trouble. Yes, get YOU in trouble.  Often these items can be controlled through your EMR program and effective policies, procedures, job descriptions, employee handbooks ... and fair, yet effective disciplinary actions for violation of those policies.  

So what are these items?  In an article in Physician Practice, the author Ericka Adler, mentions various "at-risk" items such as...

  • Unrestricted employee access to medical records
  • Employee's ability to write orders for their own use (i.e. lab tests)
  • And amazingly... employees writing their own prescriptions.

Think of the potential liability of any of these items.  

  • Someone reads a chart that they were not authorized to look at, yet still had access.  It can be your problem because of your HIPAA program.  Worst case scenario?  A high profile person's information gets into social media.  Next thing...you have the lawyers banging on your door. 
  • Someone orders a blood test that comes back abnormal.  The result gets charted, but they don't tell you about it.  If there is a bad outcome and that test could have made a difference, it's YOU  that will have to answer to the plaintiff's attorney, or perhaps the prosecuting attorney, why you didn't know about the test.  Even if they acknowledge that you didn't order it...you will be held responsible for the lack of order controls in your office.
  • Ditto for prescriptions that you didn't authorize.  An antibiotic that causes C Diff?  How about an opiate overdose?  Or other scheduled medications sold on the street...with your name on the label.   Or a drug reaction or drug interaction that requires hospitalization?  Even if you didn't authorize the medication, you will be the one in the hot-seat explaining what happened, and why you didn't put in effective controls.

You can see that risks of unauthorized staff actions can result in significant liability and risk for you.  It's up to you to protect yourself, your practice, and ultimately your personal assets.

So, what should you do?

Here are a few suggestions.

  1. Make sure that all of your policies, procedures, handbooks and job descriptions accurately list the permissions that each position in your office has and maybe even those that they don't have.
  2. Ensure that you have proper safeguards on your EMR and ordering capabilities, to avoid inappropriate use by your staff.
  3. Your office policy regarding passwords and log-ons should be clear, unambiguous and strictly enforced.  One person, one log-on should be on the top of the list, along with prohibition of sharing of log on's.
  4. Disciplinary action for violation of these policies and procedures should be spelled out, be appropriate, and uniformly applied.  Zero-tolerance.
  5. Keep your physical records, i.e. patient records, prescription pads, etc. secured, electronically and physically.

While nothing can be put into place which is 100% effective, good systems will help reduce the potential for office staff mischief.  

Remember the WhiteCoat ARP program:

Assessment of Risk => Reduction of Risk => Protection of Residual Risk

This simple three-step process can help you better manage the multitude of risks in your office in a way that is easy to remember...and effective.

Read more about this important topic here: 

http://www.physicianspractice.com/law-malpractice/dont-give-employees-unrestricted-access-medical-records

 


WhiteCoat Risk Management provides these articles to help improve general risk awareness in all aspects of your life.  It is not responsible for any actions you take or fail to take regarding any aspect of your financial planning or risk management.  This article is provided for information purposes and is not intended to provide individualized advice. You alone are responsible for your financial decisions.  

Visit or contact WhiteCoat Risk Management at www.WhiteCoatRiskManagement.com or join us on Facebook at https://www.facebook.com/WhiteCoatRisk/ 

Close

50% Complete

Just one more thing to do...

Thanks for your interest.  Once you enter your first name and email, be sure to check your email and complete your opt-in.  While you are at it, be sure to "white list" emails from WhiteCoatRiskManagement.com  

Thanks!

Why do we do a double opt-in?  Because we want to provide you with that extra degree of security.