Patient privacy is incredibly important in the healthcare field. Whether providers are serving people in a clinic or in the comfort of their patients’ homes, they must remain HIPAA compliant. HIPAA, or the Health Insurance Portability and Accountability Act, was passed by Congress over two decades ago to ensure the security of Protected Health Information (PHI). HIPAA compliance applies to more than just healthcare entities, though. Any entity that handles PHI at any point must follow the stipulations of HIPAA, even your auxiliary applications and software. 

For home healthcare and hospice care services, using a field employee tracking app is an efficient way to automate expense and mileage tracking activities. However, these kinds of applications invariably touch PHI – even indirectly – throughout their use by caseworkers. When choosing the software that will make your organization more productive, you need to consider their ability to comply with HIPAA.

What it Means to be HIPAA Compliant

HIPAA was implemented to combat fraud by ensuring that health information that can be tied to a patient is kept secure and confidential. PHI can be more than someone’s name. Parts of names, geographic identifiers, dates related to a patient, phone numbers, email addresses, vehicle information, medical record numbers, fax numbers and any other unique characteristics that could identify a patient are considered PHI and protected under HIPAA. To be compliant, you need to fulfill the requirements of HIPAA, its amendments and any related legislation such as the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Nearly everyone in the healthcare field in considered a Covered Entity and needs to follow HIPAA requirements including healthcare plans, healthcare providers and endorsed sponsors of Medicare. “Business Associates” – entities that provide third-party services to Covered Entities in which they will encounter PHI – are also covered by HIPAA. Business Associates can include anything from cloud storage services, IT contractors and billing companies. 

HIPAA Compliance for your Field Employee Tracking App

Apps that record information for HHC workers inevitably store PHI, whether they’re tracking expenses, trips or other activities. Even if it doesn’t save patient information such as phone numbers or email addresses, apps may still include other bits of data such as service addresses, trip or route information and even notes from patient visits. This means in order to take advantage of any kind of field employee tracking app, it must follow the same standards you do. 

Failing to comply with HIPAA regulations can have serious consequences for any Covered Entities or Business Associates. Should there be a breach of PHI, fines, criminal charges and civil action lawsuits could be filed. Being ignorant of HIPAA regulations is not a justifiable defense, either. It’s your responsibility to be aware of and follow all technical, physical and administrative safeguards or, explain why you haven’t. The apps your mobile field employees use could potentially be a weak spot as far as HIPAA compliance is considered.

How to Ensure You Aren’t Putting Your Patients at Risk

So, what do you need to look for in the field employee tracking app your mobile caregivers and caseworkers will be using? You need to make sure confidential information is being safeguarded per the HIPAA Security Rule. There are three areas to consider: technical standards, physical standards and administrative standards. 

Technical Safeguards: These safeguards concern the technology used to protect and access PHI. First and foremost, data needs to be encrypted at NIST standards. This ensures that if any data is breached, it will be unusable. Any applications that encounter PHI must also include safeguards that will control access, such as secure logins and PINs, and you need to be able to track activity to determine who has accessed data and what they did with it. 

Physical Safeguards: These safeguards focus on the physical access to PHI, whether it’s located in a virtual location such as cloud storage or the physical servers. This area also addresses the security of your own computers and mobile devices. Servers where PHI is stored must remain secure, and access to the physical location should be controlled. Internal firewalls must also be maintained and regularly monitored to prevent data breaches. 

Administrative Safeguards: The administrative safeguards constitute the collection of all the policies and procedures in place to ensure the privacy and security of patient information. You must ensure that any software you use has the appropriate guidelines in place ensuring their own compliance through regular risk assessments, employee trainings on security protocols and restriction of unauthorized third-party subcontractors. 

Software that Exceeds Standards

Security and efficiency don’t need to be mutually exclusive to your organization. SureMileage from CompanyMileage is a secure field employee tracking app designed to automate trip planning, mileage tracking and expense reporting processes for companies and organizations utilizing a mobile workforce. Our SureMobile app makes it simple for HHC workers to track mileage and submit expense reimbursement reports, all while meeting or exceeding standards set by HIPAA and its accompanying regulations. 

Our three-tiered approach to security ensures that your data is secure and protected at all times. CompanyMileage meets the highest encryption standards while data is in transit and at rest, and we have robust access controls to protect the integrity of user accounts. Our facilities and servers are securely maintained and monitored 24/7, and we have firewalls in place to prevent unauthorized access to the system. To guarantee our clients’ privacy, our library of policies and procedures safeguard against unauthorized disclosures and breaches of confidential information. 

Automating mileage reimbursement doesn’t have to come at the risk of patient privacy. With a HIPAA compliant field employee tracking app such as CompanyMileage, you can safely address the inefficiencies in your internal processes. Schedule a demo with us today, and learn more about the benefits SureMileage has in store for you.