Preventing HIPAA Violations

Whether you’re opening a new medical practice, or starting a business to serve providers, preventing HIPAA violations is likely the last thing on your mind. Even when you make the effort to comply with HIPAA’s requirements for Privacy, Security and Breach Notification, data breaches can still occur.

As news reports of ransomware, cybercrime and hacking increase, it is very easy to forget that the overwhelming majority of breaches are the result of employee mistakes or misunderstandings. That means regular HIPAA training becomes crucial to minimizing the risk of breaches. 

Preventing HIPAA Violations Is Everyone’s Job

Just over 20 percent of all breaches occur as a result of security failures, technical issues or cybercriminals. The rest are administrative, which is the area where employees interact with protected health information (PHI). Regular and effective employee training is the best way to address this potential blindspot. HIPAA requires annual refresher training as part of an effective compliance program, but informal training throughout the year reinforces your commitment to keeping PHI safe.

The goal should be to create a culture where employees understand that they are responsible for HIPAA compliance and are empowered with the necessary knowledge to comply. A data breach caused by a HIPAA violation damages your organization’s reputation in the community you serve. Patients may doubt whether you really care about their privacy. There is also the potential for significant fines from seemingly minor violations of HIPAA rules.

Whether you’re an employer or an employee, examine the common ways listed below that can help prevent HIPAA violations and protect your organization from the effects of a possible breach.

Let’s Simplify Compliance

Do you need help with employee HIPAA training? Compliancy Group can help!

Learn More!
HIPAA Seal of Compliance

The Employee’s Guide to Preventing HIPAA Violations

Here are nine important steps to prevent HIPAA violations in your organization.

1. Don’t Leave Documents or Devices Unattended

Healthcare employees have careers that can be both rewarding and challenging, often at the same time. In the whirl of activity on a regular day, it’s easy to get distracted and step away from a computer or a file containing patient PHI. Remember that leaving PHI unattended on a computer monitor or in a paper file where unauthorized people can view it or pick it up is a potential violation of HIPAA rules. If someone like a patient, or even another employee not authorized to view the information did so, that would be a reportable breach.

Portable devices like laptops or smartphones have additional concerns. If a device like these containing PHI is lost or stolen and is not encrypted, it is a reportable breach. If the investigation determines that the device was left unattended or was handled in a negligent manner, that is a HIPAA violation and financial penalties can be assessed. 

2. Don’t Share Login Credentials or Disclose Passwords

Every employee in an organization should have a unique login ID. These credentials are designed to allow sensitive information, such as ePHI, to be accessed in a way that is transparent and trackable. These credentials should never be written down or shared with anyone. If someone uses your credentials to access information inappropriately, you may have just put your own career at risk.

3. Never Dispose of PHI in an Inappropriate Manner

While technological advances have reduced the volume of paper records, those that remain must be handled in a secure manner. Most organizations have strict procedures for disposing of PHI in a HIPAA-compliant manner that leaves it unreadable, and unable to be restored. Always dispose of papers containing PHI appropriately.

4. Never Text Patient Information

In the United States, smartphone users send and receive five times more texts than they make and receive calls. Texting is commonplace, whether using SMS messaging, Facebook Messenger or another service. The problem is that none of the common messaging services can protect your information well enough to prevent the accidental unauthorized disclosure of ePHI.</