
Healthcare Reception Desks: Breeding Ground for POPI Compromise
What can patients see on your reception desk?
Your reception desk might be one of the most vulnerable locations in your entire practice. Why? Every patient you treat walks up to the reception desk and discusses their visit with the receptionist for at least a minute or two. What do they see when their eyes wander around that reception desk? What do they hear? What can they grab? Take a photo of?
POPI violations on reception desks
I’ve seen some pretty wild POPI violations from the viewpoint of both a legal advisor and a patient. The most common violations I see at reception desks are things like:
- Seeing the receptionists’ open computer with the day’s schedule, complete with full patient names
- Computer and Wi-Fi passwords written on sticky notes, stuck to a computer monitor (in plain view to the public!)
- Patient records on clipboards by the keyboard and easily viewable
- Keys (probably to a back office) within arm’s reach
- Bulletin boards with new patient names and notes about patients
- Unopened files which still identify name and address of patients
- Patient messages for the doctor written on a pad of paper next to the phone on the reception desk, and in full view
- Recently received faxes left in plain view on the desk
- Recently printed prescriptions left sitting on the desk in plain view
- Unshredded patient records thrown in a trashcan shared by receptionists and waiting room patients
- Patient files placed in clear file holders, clearly viewable to anyone walking by
Each situation I described above is a POPI and section 17 National Health Act violation. All it takes is one patient or workforce member to report a single one of those violations to get you on the Information Regulator’s audit radar.
Even worse, what if someone with malicious intentions saw your Wi-Fi password so conveniently displayed on your desk, and decided to hack in and steal patient information? Do you have the technical measures in place to know if this has happened, or is happening?
Stopping reception desk POPI violations
Receptionists have the perception that as long as the information is upside down to the patient, it’s not a POPI violation. That is false, and truthfully ridiculous. A quick picture of that upside-down patient information can easily be turned right side up, and the paper itself can be snatched right off the desk.
You can do a lot to mitigate the risk that your reception desk fosters, but the most important measure is employee training.
Receptionists, doctors, and nurses won’t leave patient information in plain view on reception desks if they have extensive training explaining why.
Here are some more ideas that will help you keep your reception desk free and clear.
- Stand where your patients check in, walk the path they walk, and see if you can see any sensitive information (special personal information), in any form.
- Stand at the reception desk and try to locate any administrative information that might help a hacker gain access to your system (like your password).
- If you ever write something on paper, immediately turn it over, or place it in a locked drawer
- Pull out your phone and put it on the desk. What can you take photos of? It is recommended that you have a no-phone policy at the front desk.
Many POPI impermissible disclosures are related to human error, and occur by accident. However, that also means most instances are avoidable. With the right procedures and training in place, you should be able to make sure your reception desk area is violation-free and POPI/National Health Act compliant.