4 Common HIPAA Violations to Avoid

The availability of and access to patient health information and medical records have increased in recent years due to several factors, including technology and electronic medical records. This has made healthcare faster and more efficient, but it has also opened up security and privacy concerns and risks. The Health Insurance Portability and Accountability Act (HIPAA) was put into place nearly two decades ago to help combat some security and privacy concerns related to personal health information.

In the daily grind of healthcare, it can sometimes be hard to keep HIPAA compliance front of mind. All employees in healthcare fields should undergo HIPAA certification and training to make sure they understand all the laws and policies. They will be less likely to violate a HIPAA law if they are aware of all the laws and their purposes.

Still, even with HIPAA certification, there are some common HIPAA violations that sometimes occur. Below are four examples of common HIPAA violations and steps to prevent them:

– Breach of oral privacy. Personal health information is not restricted to just electronic or paper medical records. It applies to verbal information as well. Healthcare professionals in direct contact with patients, such as nurses, receptionists, and doctors, need to be careful when they say anything that could be considered personal health information. Violations can occur if the employee states a patient's medical condition aloud in front of other patients or other unauthorized employees. An oral violation can result in a fine anywhere from $100 to $1,000 per violation. A good way to avoid oral HIPAA violations is to never say anything identifying a patient unless you are alone in the room with them.

– Security breach through email. This type of violation occurs when an employee with access to personal health information sends the private information via email without the proper precautions. Even if the recipient of the email is authorized to access that particular personal health information, the email could still result in a HIPAA violation if it was sent in a way that others could see it. All emails should be encrypted and password protected. A general rule of thumb is to not email personal health information at all.

– Accessing personal health information or patient records without a valid reason. One of the most common HIPAA violations, this can occur in several ways. One violation is if someone who does not have security clearance accesses patient information they are not cleared for. Another way the violation could happen is if an employee with proper security clearance accesses patient information for an invalid reason. An example would be a doctor looking up the medical information of a relative or friend who they know is in the hospital but whom they are not personally treating. Giving someone who does not have security clearance your password to secure files could also result in a HIPAA violation. To prevent this, only access information you have legal permission to access and never tell your computer passwords to anyone.

– Failing to destroy old patient information. Under HIPAA regulations, outdated or incorrect patient information must be destroyed to avoid misuse of the personal health information. Any old medical records or files with patient information need to be systematically destroyed. To stay on top of files and avoid HIPAA violations, assign this responsibility to a particular employee or employees and have express written policies on when to destroy records.

With knowledge about HIPAA policies and the awareness of violation pitfalls, you can avoid HIPAA violations and the fines that accompany them.

For more information, please visit our HIPAA Training website http://www.hipaaexams.com/hipaa-training.asp
