HIPAA violations are unfortunate yet common occurrences in the healthcare industry that can come with hefty costs such as high fines and annual penalties. These violations can be truly detrimental to a medical practice, and since HIPAA regulations can be quite complex and constantly changing, it is crucial to keep your staff adequately informed and trained on HIPAA compliance. Here, the liability insurance professionals at Unity Insurance discuss several frequent HIPAA violations as well as the importance of understanding these occurrences in order to better prepare your staff and protect your practice against potential lawsuits.
Lack of Security or Inadequate Protection
Any documents including protected health information (PHI) should be treated as confidential and kept in secure locations at all times, whether that means physically locked in a desk or digitally protected by a password login. Adding a further layer of security through encryption can provide added protection for these confidential PHI files. If any of these PHI documents were to be stolen or become lost, the fact that they are now encrypted makes them less vulnerable to hacking. However, it is important to note that even though no one ever believes that it will happen to them, hacking and data breaches are quite common occurrences and serve as active threats to medical PHI. In order to help protect your medical practice, as well as your patients, from the threats of hackers, it is strongly recommended to install antivirus software, use firewalls on all of your technological devices, and create difficult and unique passwords that are changed frequently.
Concerns Within the Workplace
It is important to take extra precautions regarding PHI and other confidential medical information, even within the workplace itself. Not only should PHI documents, both physical and electronic, remain secure, but the devices that hold these confidential files should be kept protected and secure as well. The loss and theft of devices containing PHI, such as mobile phones and laptop computers, is most definitely possible, even within the workplace environment. These devices should always be kept in a secure location, or at least be encrypted or password protected.
Continuing with violations within the workplace, it is important to ensure that all employees are properly trained on HIPAA regulations and compliance; in fact, it is even a requirement of the HIPAA law. Employees must also never discuss PHI with their coworkers or peers during lunch breaks, as doing so can be followed by substantial costs. If employees are to discuss matters concerning PHI, it should be done behind closed doors and with authorized personnel only. Additionally, employees should never be dishonest about their intent to view unauthorized documents, as this can also be followed by harsh punishment.
Additional PHI Breaches & Noncompliance
When it comes to the disposal of PHI documents and information, it is critical that employees and other staff members understand how to properly dispose of these files. Whether they are physical or electronic, any PHI records should be destroyed, for example by shredding paper or wiping an entire hard drive. If this information is not properly disposed of, someone with malicious intent could get it into their possession and it could become a serious HIPAA violation.
The unauthorized release of PHI is another occurrence that can lead to a HIPAA violation. It is most common regarding celebrities and public figures; however, it can also happen to the everyday medical patient. When medical personnel, or even the media, release any PHI to unauthorized family members of personnel, they are also committing a HIPAA violation. Furthermore, PHI should only be discussed with those whose knowledge of it is essential: the patient, doctor, and the one providing the funds for the medical service. If one were to discuss PHI with those who do not have the proper rights or access, it is another violation of HIPAA. In order to prevent this common occurrence, it is once again important to keep all employees and medical staff aware and educated about HIPAA regulations and procedures.
Speak With a Medical Liability Attorney For Guidance
To keep your business compliant with HIPAA and ensure the protection of you and your employees, consider discussing this topic with your liability attorney, or contact MedChi, The Maryland State Medical Society, for more information.