The Employee’s Guide to Preventing HIPAA Violations
Here are nine important steps to prevent HIPAA violations in your organization.
1. Don’t Leave Documents or Devices Unattended
Healthcare employees have careers that can be both rewarding and challenging, often at the same time. In the whirl of activity on a regular day, it’s easy to get distracted and step away from a computer or a file containing patient PHI. Remember that leaving PHI unattended on a computer monitor or in a paper file where unauthorized people can view it or pick it up is a potential violation of HIPAA rules. If someone such as a patient, or even another employee not authorized to view the information, did so, that would be a reportable breach.
Portable devices like laptops or smartphones raise additional concerns. If such a device containing PHI is lost or stolen and is not encrypted, it is a reportable breach. If the investigation determines that the device was left unattended or was handled in a negligent manner, that is a HIPAA violation and financial penalties can be assessed.
2. Don’t Share Login Credentials or Disclose Passwords
Every employee in an organization should have a unique login ID. These credentials are designed to allow sensitive information, such as ePHI, to be accessed in a way that is transparent and trackable. These credentials should never be written down or shared with anyone. If someone uses your credentials to access information inappropriately, you may have just put your own career at risk.
3. Never Dispose of PHI in an Inappropriate Manner
While technological advances have reduced the volume of paper records, those that remain must be handled in a secure manner. Most organizations have strict procedures for disposing of PHI in a HIPAA-compliant manner that leaves it unreadable and unable to be restored. Always dispose of papers containing PHI appropriately.
4. Never Text Patient Information
In the United States, smartphone users send and receive five times more texts than phone calls. Texting is commonplace, whether using SMS messaging, Facebook Messenger or another service. The problem is that none of the common messaging services can protect your information well enough to prevent the accidental unauthorized disclosure of ePHI.