Welcome to part two of our two-part blog series on HIPAA compliance. In the first part of this blog series, we discussed the basics of HIPAA compliance, including the HIPAA Privacy Rule and the HIPAA Breach Notification Rule. In part two, we’re going to look at a list of common HIPAA violations so your healthcare facility or workplace can stay on top of HIPAA compliance requirements.
A List Of The Most Common HIPAA Violations
Ignoring A Company Risk Analysis
One of the most common HIPAA violations is the failure to perform an organization-wide risk analysis. If this analysis is skipped or not performed on a regular basis, healthcare facilities and other organizations cannot determine whether any vulnerabilities to their PHI exist. As a result, it can leave your patients’ PHI open to hackers.
Failure To Use Encryption Or The Like
To truly put your best foot forward in safeguarding your business, you’ll want to do everything you can to prevent data breaches. One of the best ways to do this is to encrypt your patients’ PHI. While this is not strictly required under HIPAA, your organization must put an alternative security measure in place if encryption is not in the cards. Unencrypted data can easily be accessed, so it’s in your best interest to have all PHI data encrypted.
Using Unsecure Technology
In order for doctors, nurses, and behavioral health facilities to provide proper care to patients, they must be able to communicate PHI to other healthcare professionals. This can be through email, text messaging, or other forms of electronic communication. If your facility is using insecure technologies that do not offer authentication or encryption, your patient information may be vulnerable to a variety of threats.
Lack Of Employee Training
Employee HIPAA training is a requirement of HIPAA law. If your doctors, nurses, or behavioral specialists are not well-trained on the laws of HIPAA, it could result in serious fines (and even data breaches if you’re not careful). To ensure your practice doesn’t get hit with costly fines, make sure your staff is trained on how to properly dispose of PHI records. If your employees leave patient diagnoses and medical procedure records lying around in the trash can, you could be in some serious trouble.
To put this into perspective, in 2014, Parkview Health Systems was charged an $800,000 fine because its employees left 71 boxes with up to 8,000 patient records on a physician’s outside porch.
Lost Or Stolen Electronic Devices
Did you know that the theft of PHI through lost or stolen laptops, smartphones, tablets, and desktops can result in HIPAA fines? Due to their size, mobile devices tend to be the most vulnerable to theft in hospitals, nursing homes, and other healthcare facilities. It’s always wise to safeguard office electronics with passwords so thieves are unable to access sensitive patient information.
Improperly Disclosing PHI
If your nursing staff gossips about patients to friends, family members, or other coworkers, this is a clear HIPAA violation. Employees should know that PHI conversations should be restricted to private areas and conducted behind closed doors.
At Inpriva, we’re proud to be an industry leader in adopting open standards and methods for the secure transmission of personal health information. While our hDirectMail plans were originally developed for interoperable, secure messaging between healthcare providers and their business associates, they have been extended to support the collaboration needs of social services, public health services, and population health monitoring. Learn more about our secure messaging system online, or visit our plans and pricing page today. If you have any questions about our secure messaging system, contact our team today.