The HIPAA Law which protects protected health information (PHI) is well known by healthcare personnel and staff in most clinics, hospitals, and physicians’ offices. However, there are often questions about HIPAA’s rules and regulations. Healthcare providers that are not updated with the new changes in the law can risk potential violations which will not only damage their practice’s reputation but could also lead to civil and criminal fines.
The Health Insurance Portability and Accountability Act – HIPAA- came about in 1996 to set certain standards for the security, confidentiality, and transmission of personal health information. Under the HIPAA Privacy Rule, healthcare providers are required to protect and keep personal health information confidential. HIPAA also has very specific rules, limits, and conditions about the use and disclosure of information without the patient’s consent. The Rule also gives patients a right to their health information that includes being able to obtain a copy of their medical records and to request corrections.
HIPAA also has exceptions to the rules applied when the ability to offer quality healthcare services is being hindered. One example is two physicians discussing a patient when both are treating him. Other situations like peer-reviewed activities or disclosures required by health plans to solve billing issues are exempted.
The Department of Health and Human Services defines Covered Entities to be health plans, healthcare providers, and healthcare clearinghouses which include hospitals, dentists, chiropractors, physicians, optometrists, schools, NGOs that offer healthcare services and government agencies. However, parties affected by HIPAA do not end there. Any Business Associate of a Covered Entity with access to PHI (Protected Health Information) must also comply with HIPAA.
HIPAA violations can have serious consequences. It can result in a huge fine to a practice ranging from $100 to $1.7 million. Healthcare providers also risk the loss of their license if they violate HIPAA. It is easy to violate HIPAA if rules and regulations are not followed correctly. There are common reasons why a healthcare provider might violate HIPAA and these situations can be avoided along with adopting best practices to stay HIPAA compliant.
Here are some of the most common reasons for HIPAA violations.
Employees can gossip and talk about patients with coworkers or friends but this is a HIPAA violation that can cost a practice a large fine. Employees need to be trained to be very careful about what they say when talking about a patient and to be mindful of their environment. Patient conversations have to be restricted to private places and sharing of any kind of patient information with friends and family has to be avoided.
Hucu is a Free HIPAA Compliant Messaging Application to solve communication problems.
Mishandling of Medical Records
It is easy to commit a violation by mishandling a patient’s records. If a practice uses manual or written patient charts and reports, a nurse or physician can accidentally leave these files in the patient’s exam room which is available for another patient to see. Printed medical records have to be kept under lock and key and safely out of reach of unauthorized people.
Stolen and Lost Devices
Theft of PHI through stolen or lost devices such as desktops, smartphones, laptops, and others that contain patient information will result in HIPAA violation. Mobile devices are really vulnerable to theft because of their small size therefore, it is imperative to protect them with a password and encryption system in order to access patient-specific information.
Texting Patient Information
Texting patient information like test results, vital signs, and other important data is an extremely easy and convenient way that providers can give away information quickly. It may seem and sound harmless but it can potentially place patient’s data in the wrong hands of cybercriminals who could access and misuse the information. There are new encryption programs that allow confidential information to be securely texted but both parties have to install it on their wireless device. This is typically not the case therefore, it is best to avoid texting PHI.
WITH HUCU, ONLY AUTHORIZED USERS CAN ACCESS DATA
Unauthorized Access to Patient Files
Unauthorized employees can access patient information and this is a common HIPAA violation. Whether they do it out of spite, curiosity, or as a favor for a friend or relation it is absolutely illegal and can cost a practice its license. Individuals that sell or use PHI for personal gain can be subjected to large fines and prison.
In small rural areas, accidental breach of patient information is common in social situations. Most of the patients are not aware of HIPAA laws and can innocently inquire to their healthcare providers in a social setting about their friend or relative who is a patient. While these inquiries can happen very often, it is best to pre-plan a response to handle the situation and avoid the potential release of private patient information.
Written consent is needed for the use or disclosure of an individual’s personal health information that is not used for payment, treatment, healthcare operations, or allowed by the Privacy Rule. If an employee is not sure, it is better to get written consent and prior authorization before releasing any type of patient information.
Accessing PHI On Home Computers
Most healthcare providers and clinicians use their home computers or their laptops after working hours to access patient information to record notes or maintain follow-ups. This can result in a HIPAA violation if the screen is left on accidentally and a family member uses the computer. It is important to ensure that your laptop or computer is password protected and mobile phones with patient information are kept out of the reach of unauthorized people. This will reduce the risk of patient information being accessed or stolen.
Lack of Training
Subscribe to our monthly newsletter