10 Common HIPAA Violations to be Aware Of

Proper ethics and policies to protect people’s privacy in the healthcare industry have to be taken seriously. If your medical practice gets sloppy, HIPAA violation penalties can run as high as $50,000 per violation.

The total amount of fines that can accumulate in a single year goes all the way up to $1.5 million, and repeated violations can dramatically exceed that over time. Staying compliant with HIPAA rules must be a top priority. Of course, there are a lot of regulations, so you have to invest time in implementing safeguards.

To help better train your staff on HIPAA compliance, it’s a good idea to first make sure they are familiar with the most common violations.

Here’s a great list of the ten most common HIPAA violations that should be memorized:

1. Unsecured Records

The handling of private patient and medical documents should be secure and clearly understood by everyone involved. Any physical files that contain sensitive PHI must be stored in a secure location.

Access to this location should be under lock and key. The same goes for digital storage: all electronic files containing PHI must be password protected and encrypted.

2. Unencrypted Data

One of the more common HIPAA violations is failing to encrypt PHI. Don’t sacrifice this additional step for the sake of convenience!

If patient files were ever to fall into the wrong hands, the patients could become victims of identity theft. This can happen even after the hard drive of a retired computer has been “erased,” since deleted files can often be recovered from a drive that was not properly wiped.

Encrypting data protects you and your medical practice from unforeseen risk. It can also prevent a potential lawsuit.

While it’s a good idea to always encrypt PHI, some states specifically require it. You will need to check your state’s regulations in addition to HIPAA to know the exact requirements.

3. Hacking

Encrypting files is a great way to protect PHI from future vulnerabilities. Don’t let your guard down, though: encryption can be bypassed by an attacker who gains access to the system.

Hackers can attack your systems both digitally and physically. This means that you should have preventive measures in place to avoid being compromised.

Failing to install antivirus software on any device that holds PHI is a common HIPAA violation in its own right. A firewall is also necessary to prevent external snooping on, or logging of, your activity.

Non-workforce members should never be allowed within close proximity of computers that hold PHI. Malware can be loaded onto a machine from something as small as a USB drive, and these types of intrusions can go undetected until an inspection is done.

A HIPAA security risk assessment, which is legally required, is the best way to detect any security flaws.

4. Stolen or Lost Devices

If your place of business does not designate secure areas for devices with PHI, then you can get into trouble.

Whenever a device is lost or stolen, investigators will check how it occurred. If your facility lacks any effective security, you will be fined. Devices must require a password or ID to keep unwanted people out.

This violation is compounded further when the devices themselves aren’t secured, allowing easy theft of the data on them.

5. Employee Training

You cannot skip or skim through HIPAA compliance training for staff. They must be trained according to the law and pass knowledge tests.

If your business is caught ignoring or passing employees through the material, you will be fined. All staff members, at all levels, must fully understand HIPAA laws. This includes the policies put in place to prevent common HIPAA violations.

6. Unprofessional Sharing of PHI

There are no exceptions to this rule. PHI may be discussed with co-workers only in the course of working together; anywhere else, it is off-limits.

No matter the context, patient information is sensitive and should never be shared. Such information could be overheard or passed on to a third party outside your control.

This behavior comes with a large fine, no matter how small or insignificant the disclosure seems.

7. Employee Access Rules

If an employee opens a PHI file that they aren’t assigned to, it’s a violation. No matter the context or if it was intentional, the penalty is the same.

Preventing common HIPAA violations like these is a matter of training and diligence. Workers should not have to worry about doing this if they are clearly instructed about their role.

8. Improper Disposal of Records

When preparing your staff for HIPAA compliance, the proper handling and disposal of PHI records is critical. This measure should come first on your priority list.

Your workforce needs to understand what data constitutes PHI. This may include Social Security numbers, prescription records, procedures, and so forth, and all of it must be destroyed or wiped from the hard drive once it is no longer needed.

Any of this data left lying around in a dumpster or in a PC’s documents folder could be stolen. That would be a major HIPAA infringement.

9. Unauthorized Release of Information

This infringement frequently happens when individuals from the media share PHI regarding celebrities and politicians. It can likewise happen when offices share PHI with relatives who are not authorized to receive it.

Only doctors and those with a Power of Attorney are permitted access to the PHI of a relative, unless the patient has granted specific access in writing to others.

10. Accessing Patient Information

Our last common HIPAA violation relates to how time-constrained medical staff are. Doctors, especially, have to stay in constant contact with their patients’ status. Some may even resort to checking a patient’s PHI file at home.

This is an unspoken, but real, HIPAA violation risk. Anyone else in the home could read the patient file, which would get the doctor into serious trouble.

Avoiding Common HIPAA Violations

It can be tough keeping ahead of anything and everything that could go wrong in the medical field. That’s why it is so important to invest in preventative measures, like comprehensive training.

Your medical practice is only as good as those around you. That’s why we’re here – to help you practice great medicine and keep your patient data safe.

Be protected at all times. Contact us for more information on how we can keep you 100% HIPAA compliant.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
