There must be a Policy and Procedure regarding volunteers. Volunteers should have had a reference check and background check; a job description and then performance review after 3 months and then an annual review (discussion) regarding performance; HIPAA training prior to starting and annually; sign Confidentiality Agreements; if using the computer, sign Computer Use Agreements, etc.
See http://www.mcknights.com/guest-columns/best-practices-for-volunteer-services/article/489441/?DCMP=EMC-MCK_Daily&spMailingID=14222309&spUserID=NTg4NjI4NTgzODES1&spJobID=760981406&spReportId=NzYwOTgxNDA2S0
for more discussion on volunteer management.
We recently learned that a young teenage volunteer’s mother had come to the facility, taken pictures of him helping residents and posted on Facebook. This was a breach. Parents should attend training, too!
When thinking about business associates and security clauses, how do other facilities handle HIPAA security with volunteers? Thanks