Front Office Privacy Breaches. HOW ARE YOU AT RISK?

In any hospital or medical office, the front office staff is usually the first point of contact for patients. But these locations are also stopping points for individuals with wandering eyes, including vendor reps, family members, and couriers. As a result, front office workspaces are vulnerable to a privacy breach involving patient protected health information (“PHI”).

Some examples of potential breaches include:

  • Computer screens with full patient demographic information visible to the public.

  • Face sheets or insurance information sitting out on a desk.

  • Copies of claims waiting to be filed with payers.

  • Messages from patients to clinicians containing symptom, treatment, prescription information.

  • Employee passwords or other credentials written on sticky notes.

Given the fact that a patient, or other individual can file a complaint directly to the Department of Health and Human Services, Office for Civil Rights (“OCR”), the above-noted examples often show up as subjects of an OCR investigation.

SunHawk would like to offer the following tips to help your front office staff safeguard your PHI:

  • Make sure you have organizational policies addressing the safeguarding of your patient’s PHI.

  • Conduct periodic rounds or observational assessment walk-throughs.

  • Do you see PHI sitting out?

  • Are computer screens viewable to the public?

  • Is PHI properly disposed of?

  • Are there sticky notes with log-in credentials sitting out?

  • Observe your front office area from the patient’s point-of-view. When you walk in, what do you see?

  • Conduct staff education and training specific to the front office staff and how to safeguard your PHI.

Call to Action:

If you are in need of assistance with auditing your front office staff locations or conducting education and training, SunHawk Consulting’s team of highly skilled and experienced subject matter experts in Healthcare and Life Sciences Industries including Compliance and HIPAA can help.

For more information, contact SunHawk Consulting through their website at