Common HIPAA Violations to Avoid
Health care professionals across the industry face common HIPAA violations every day–sometimes without even realizing it.
Whether it’s a misplaced USB drive or a piece of patient documentation that has been improperly disposed of, the risk of a HIPAA violation is commonplace in behavioral health practices and in every other HIPAA-regulated entity. HIPAA requires “covered entities”–health care providers that conduct standard electronic transactions, health plans, and health care clearinghouses–and their business associates to uphold the Privacy Rule and Security Rule standards that safeguard protected health information (PHI). PHI is individually identifiable health information: anything about a patient’s condition, treatment, or payment for care that is tied to an identifier such as a name, address, telephone number, email address, medical record number, or full-face photo.
Any time PHI is improperly handled, accessed, transmitted, or disposed of, your practice may have committed a HIPAA violation. Violations vary widely in scope and severity, and not every violation is a breach: a breach is an impermissible use or disclosure of unsecured PHI, and under the HIPAA Breach Notification Rule it is presumed reportable unless a documented risk assessment shows a low probability that the PHI was compromised. Even a breach affecting a single individual’s PHI must be reported.
Common HIPAA violations include, but are not limited to:
- Stolen or lost devices, including laptops, smartphones, or USB drives that contain PHI (if the device was encrypted and the key was not compromised, the PHI counts as secured and the loss is not a reportable breach)
- Malware or ransomware attack (OCR treats ransomware that encrypts ePHI as a presumed breach, because an unauthorized party has acquired the data)
- Hacking incident
- Data breach caused by a telehealth vendor acting as your business associate
- Data breach caused by an EHR vendor acting as your business associate
- Burglary at your office
- Sending PHI to the wrong patient or address, whether by mail, fax, or email
- Discussing a patient’s PHI in front of third parties
- Posting about patients on social media, even without naming them
Your behavioral health practice may have already experienced some of these common HIPAA violations. A breach can be remediated, but it must also be reported: notify affected individuals without unreasonable delay and no later than 60 calendar days after discovery, and report the breach to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) through its online breach reporting portal. Breaches affecting 500 or more individuals must be reported to OCR within 60 days of discovery (and to prominent media outlets in the affected state); smaller breaches may be logged and reported within 60 days after the end of the calendar year in which they were discovered.
Keep in mind that the best way to protect your behavioral health practice from these common HIPAA violations is by implementing an effective HIPAA compliance program: a documented security risk analysis, written policies and procedures, workforce training, business associate agreements with every vendor that handles PHI, and encryption of PHI on portable devices, which also keeps most lost-device incidents from becoming reportable breaches.
If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure. Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in this article and blog post are those of the authors. They do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company, or individual.