Hipaa violations, hipaa breach, hipaa standard

HIPAA Violations: 4 Quick Ways to Avoid


September 6, 2021 | Reading Time: 3 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

If you work with US citizens, keeping patient records secure is crucial to survival healthcare practice. As an organization or an individual practitioner, you know that the financial implications of a HIPAA breach can be staggering.

A HIPAA breach occurs when protected health information is used or disclosed in an unauthorized manner. A single infringement might result in a $1.5 million annual penalty for organizations or $20-30k for individual providers. Being aware of HIPAA rules and vigilant about their enforcement is worth the effort financially, as well as legally and ethically.

HIPAA standards are complicated and are frequently changing to accommodate the many hackers who try to access secured healthcare information. The update below will help you prevent four of the most common HIPAA violations.

Common HIPAA Violations

These common HIPAA violations are offered to help you safeguard your practice against data breaches, concurrent financial penalties, and the embarrassment of being listed on the HIPAA Wall of Shame.

1. Secure and possibly encrypt all protected health data (PHI) — To keep PHI secure and avoid HIPAA violation, all data must be stored in a secure location. For example, if your data is on a laptop, lock your laptop in your desk or cabinet when not in use. Similarly, digital files should be password-protected and encrypted. While HIPAA standards do not mandate encryption, unencrypted data is quite more vulnerable. Moreover, encryption adds an extra degree of security to your digital data, and therefore, it is something to seriously consider. Even seemingly minor events such as leaving your laptop with PHI in your car or on the table at your favorite coffee shop for “a minute” can lead to data breaches and months of unpleasant legal proceedings.

2. Dispose of data safely — Patients’ and clients’ personal health records contain important aspects of their treatment history, such as their symptoms, diagnoses, treatment protocols, as well as their social security numbers, phone numbers, street addresses, etc. See HHS Stresses HIPAA ePHI Security: Information Access Management & Access Control for details of the Summer 2021 cybersecurity update. It guides healthcare organizations and stresses the importance of HIPAA ePHI security. You can easily violate HIPAA standards and your client’s privacy if you dispose of an old hard drive by tossing it into the trash.

3. Prevent data loss through lost or stolen devices — Whenever data is stored on a device, the device should be password protected. For instance, your mobile phone should always have a password to protect onlookers from accessing. Text messages should not automatically light your screen if you use a text messaging program that delivers messages to your screen. Another reason to password protect and hide incoming data from onlookers is that data stored on password-protected devices can potentially help you qualify for a “safe harbor” that might exonerate you if you are charged with a HIPAA breach. Also, if your device is lost or stolen, you will want to have it equipped with software that will help you locate it and remotely wipe your device clean if needed. Also, all devices holding any form of PHI should be stored in a secure location to reduce their chances of being stolen.

4. Acquire Adequate Staff Training — You are legally required to train your employees to keep PHI data safe and secure if they have close access to PHI data. Protecting PHI extends to everyone in your organization, including part-time help, billing agents, office admins, etc. The HIPAA Journal reports that over 2 million Business Associates and subcontractors are unaware of their HIPAA obligations. In light of this, your employees must receive regular HIPAA training so they don’t inadvertently violate HIPAA and compromise the privacy of those you serve. HIPAA mandates frequent employee training, which should be fully documented with regard to topics covered and employees or independent contractors who are present.

While a few basic ideas are presented above, there are several more complex rules that govern HIPAA. Maintaining updated organizational policies, adequate employee training, and a careful, reliable staff are the best way to stay free from HIPAA violations. See other Telehealth.org articles or consider taking a Telehealth.org Basic Legal Issues professional training program for a roadmap to HIPAA compliance for your telehealth practice.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...