Common HIPAA Violations to Avoid

Common HIPAA ViolationsHealth care professionals across the industry face common HIPAA violations every day–sometimes without even realizing it.

Whether it’s a simple misplaced USB drive, or a piece of patient documentation that’s been improperly disposed of, the risk of HIPAA violations are commonplace throughout behavioral health practices and all HIPAA-beholden entities. HIPAA regulation states that “covered entities”–any health care provider, health insurance plan, or health care clearinghouse–must uphold strict privacy and security standards to safeguard protected health information (PHI). PHI is any demographic information that can be used to identify a patient, such as name, address, telephone number, email, medical records, or full facial photos.

Any time PHI is improperly handled, accessed, transmitted, or disposed, there is a chance that your business may have experienced a HIPAA violation. HIPAA violations are various in their scope and severity, but the important thing to remember is that the HIPAA Breach Notification Rule states that any breach of PHI must be handled with care. Even a breach of a single individual’s PHI is covered under HIPAA regulation.

Common HIPAA violations include, but are not limited to:

  • Stolen or lost device, including laptops, smartphones, or USB drives that contain PHI
  • Malware or ransomware attack
  • Hacking incident
  • Data breach caused by a telehealth vendor
  • Data breach caused by an EHR vendor
  • Burglary at your office
  • Incorrectly sending PHI to wrong patient/address
  • Discussing a patient’s PHI in front of third-parties
  • Improper social media use

Your behavioral health practice may have already experienced some of these common HIPAA violations. The important thing to remember is that there are always ways to remedy a HIPAA violation. Patients should always be notified of their involvement in a breach, and you can use this link to report any HIPAA violations and data breaches to The Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

Keep in mind that the best way to protect you behavioral health practice from these common HIPAA violations is by implementing an effective HIPAA compliance program within your practice.