If you work with US citizens, keeping patient records secure is crucial to survival healthcare practice. As an organization or an individual practitioner, you know that the financial implications of a HIPAA breach can be staggering.
A HIPAA breach occurs when protected health information is used or disclosed in an unauthorized manner. A single infringement might result in a $1.5 million annual penalty for organizations or $20-30k for individual providers. Being aware of HIPAA rules and vigilant about their enforcement is worth the effort financially, as well as legally and ethically.
HIPAA standards are complicated and are frequently changing to accommodate the many hackers who try to access secured healthcare information. The update below will help you prevent four of the most common HIPAA violations.
Common HIPAA Violations
1. Secure and possibly encrypt all protected health data (PHI) — To keep PHI secure and avoid HIPAA violation, all data must be stored in a secure location. For example, if your data is on a laptop, lock your laptop in your desk or cabinet when not in use. Similarly, digital files should be password-protected and encrypted. While HIPAA standards do not mandate encryption, unencrypted data is quite more vulnerable. Moreover, encryption adds an extra degree of security to your digital data, and therefore, it is something to seriously consider. Even seemingly minor events such as leaving your laptop with PHI in your car or on the table at your favorite coffee shop for “a minute” can lead to data breaches and months of unpleasant legal proceedings.
2. Dispose of data safely — Patients’ and clients’ personal health records contain important aspects of their treatment history, such as their symptoms, diagnoses, treatment protocols, as well as their social security numbers, phone numbers, street addresses, etc. See HHS Stresses HIPAA ePHI Security: Information Access Management & Access Control for details of the Summer 2021 cybersecurity update. It guides healthcare organizations and stresses the importance of HIPAA ePHI security. You can easily violate HIPAA standards and your client’s privacy if you dispose of an old hard drive by tossing it into the trash.
3. Prevent data loss through lost or stolen devices — Whenever data is stored on a device, the device should be password protected. For instance, your mobile phone should always have a password to protect onlookers from accessing. Text messages should not automatically light your screen if you use a text messaging program that delivers messages to your screen. Another reason to password protect and hide incoming data from onlookers is that data stored on password-protected devices can potentially help you qualify for a “safe harbor” that might exonerate you if you are charged with a HIPAA breach. Also, if your device is lost or stolen, you will want to have it equipped with software that will help you locate it and remotely wipe your device clean if needed. Also, all devices holding any form of PHI should be stored in a secure location to reduce their chances of being stolen.
4. Acquire Adequate Staff Training — You are legally required to train your employees to keep PHI data safe and secure if they have close access to PHI data. Protecting PHI extends to everyone in your organization, including part-time help, billing agents, office admins, etc. The HIPAA Journal reports that over 2 million Business Associates and subcontractors are unaware of their HIPAA obligations. In light of this, your employees must receive regular HIPAA training so they don’t inadvertently violate HIPAA and compromise the privacy of those you serve. HIPAA mandates frequent employee training, which should be fully documented with regard to topics covered and employees or independent contractors who are present.
While a few basic ideas are presented above, there are several more complex rules that govern HIPAA. Maintaining updated organizational policies, adequate employee training, and a careful, reliable staff are the best way to stay free from HIPAA violations. See other Telehealth.org articles or consider taking a Telehealth.org Basic Legal Issues professional training program for a roadmap to HIPAA compliance for your telehealth practice.