What is a HIPAA Violation?

With fines for HIPAA violations ranging from $50,000 to $1.5 million per violation and a cumulative annual penalty of $1.5 million, medical practices need to remain HIPAA compliant at all times.

Although all alleged HIPAA breaches should be treated as potential risks to your medical practice, some are more prominent than others.

We’ve put together a list of the six most common HIPAA violations, with tips on how to prevent each, so that your practice can take the appropriate measures to avoid them.

Keeping Unsecured Records

Employee training should require all workers to keep documents containing PHI secured at all times.

Digital files should require strong passwords to access, and the files themselves should be encrypted wherever possible.

Unencrypted Data

The risks of leaving PHI exposed without encryption are straightforward.

If a computer containing PHI is lost or stolen, encrypting the data provides another layer of protection, and the same holds if a password-protected computer is breached in some other way, such as by hacking.

Hacking is a real danger to medical ePHI, despite the temptation to believe it will never happen to us.

Since there are people who want to use this information for malicious purposes, medical practices must take steps to prevent hacking.

Loss or Theft of Devices

In June of 2016, a case was settled in which an iPhone containing a large amount of ePHI, including Social Security numbers, care and diagnosis records, medications, and more, was stolen.

Furthermore, the iPhone was neither password protected nor encrypted, leaving all of the ePHI accessible to anyone who had the handset.

Lack of Employee Training

It’s crucial to thoroughly educate any employee who comes into contact with PHI on HIPAA regulations and compliance.

Employee HIPAA training is more than a suggestion; it’s a legal requirement under HIPAA.

Gossiping / Sharing PHI

Though general chitchat or gossip around the water cooler can be harmless, PHI should never be part of it. There is no need to bring up PHI while chatting with colleagues.

Employees of medical practices who have access to patient PHI must be vigilant about what they share with others.

Always be mindful of who may be listening while discussing PHI. Conversations about PHI should be conducted behind closed doors and only with the appropriate office staff.