HIPAA Compliance in Telephone Triage
Telephone triage provides accessibility to healthcare outside traditional business hours. Since telephone triage nurses communicate with patients over the phone, many of them work from their home offices.
What does this mean in terms of HIPAA privacy? Like in other specialties, telephone triage nurses must follow the same HIPAA compliance rules as all other health care professionals. However, the steps to protect patient privacy may differ due to the work environment. In some aspects, working remotely makes it easier for telephone triage nurses to maintain HIPAA compliance because there is less of a risk of someone walking by and seeing their computer screen. It is important for telephone triage nurses to have a defined workspace within their home. This space should have a door to provide a quiet environment and privacy.
According to the U.S. Department of Health and Human Services, the HIPPA Privacy Rule “protects the privacy of individually identifiable health information” (2014). Boundaries should be set in place so that family members understand the need for telephone triage nurses to have privacy. If another individual needs to enter the room, they should knock and wait for the nurse to open their door. The nurse should complete the call or put the patient on hold for a moment while they minimize their screen and open the door. When stepping away from their desk the nurse needs to lock the computer screen and at the end of the shift the triage nurse should fully close out of all programs.
Telephone triage nurses have to coordinate patient care, just as nurses in traditional settings, but working remotely presents its own set of challenges to collaborate. Any communication with physicians, nurses or other healthcare providers must be through secure channels. Direct phone calls and secure texting are two of the most common ways of communicating with physicians. Secure chat is also very effective between nurses. Email, on the other hand, is not secure. When nurses need to use email, they must use a HIPAA complaint identifier such as a note number along with generalized dialogue such as “I have a 2 year old with a rash. What guideline should I use?” None of the 18 Protected Health Information (PHI) components can be included in any non-secure email or other non-secure form of communication. A few examples of identifiers under the HIPAA Privacy rule are: names, telephone numbers, health plan beneficiary numbers, full face photographic images, and account numbers.
Although telephone triage may differ from the traditional medical setting, this field upholds the same diligence towards HIPAA compliance.
For more information about the 18 HIPAA Privacy Identifiers visit: