If you work in any healthcare setting, the importance of following HIPAA guidelines has been drilled into your head over and over again. And yet, the number of violations and lawsuits is continually increasing.
So are these violations intentional or accidental? Some of both to be sure. But it’s critical for any healthcare employee to recognize the potential risks to avoid them.
Here are the 7 most common HIPAA violations right now.
1. Overall Systems Cause Most Common HIPAA Violations
Many HIPAA violations have little to do with the individual providers and their access to medical records. Instead, the overall organization poses the biggest threat.
Every healthcare organization should conduct thorough assessments of its procedures and policies to find possible holes that could lead to a violation. If the system is set up to be as airtight as possible, then the risk is lowered and many of the opportunities for a violation are taken away.
While there are very specific ways that organizations can fall into non-compliance, the overarching problem behind many cases is the lack of the right structures in place over the whole company.
2. Organization Has Weak Security Measures
One of the main areas where a healthcare organization may want to double-check its efforts is the security surrounding its medical records. Any digital information, medical record or not, is subject to hacking and data breaches. And these losses of information are very common.
Medical record storage is a prime target for hackers because the quantity of personal information is so large in one place. If they can get in, they have access to a high volume of it.
While a data breach is not an automatic HIPAA violation, if the company did not take sufficient measures to protect against it, they could be liable for damages.
Another way a data breach can hurt a healthcare organization is if it does not follow the protocol required after a breach. There are several regulations a company must follow, including notifying those with compromised information in the allotted time period.
3. Employees Looking At Non-Patient Information
Probably one of the more obvious HIPAA violations occurs when an employee looks into the chart of a patient who is not currently under their care, or when they do not have a legitimate reason to need information from that record.
This happens often when there is a celebrity involved or a well-known individual. Those with access may feel compelled to look into the chart to get the “inside scoop”.
But it is probably even more tempting to look into the charts of people you know, friends, neighbors, and even family.
This must be avoided. Looking into a chart you do not need, even for a brief time, can result in a penalty and discipline.
4. Unauthorized Sharing of Personal Information
Patients provide healthcare organizations with a ton of personal information: Social Security numbers, phone numbers, addresses, payment information, job histories. All of this must be protected.
Any sharing of patient information without prior authorization from that patient (or guardian) is a HIPAA violation and can result in negative consequences.
To protect themselves, healthcare companies should make sure that their authorization forms are very specific about what type of information can be released and exactly who it can be released to.
5. Incorrect Medical Record Disposal Methods
A company cannot keep every medical record of every patient they have ever had. That is just not realistic or necessary. But the disposal of those records needs to be done properly in order to protect against unintentional HIPAA violations.
This is another area where an organization-wide search for problems would be beneficial.
Proper disposal of medical records includes shredding, burning, and destroying magnetic tapes. The destruction must also be properly documented.
6. Medical Records Left Unattended
Sometimes these HIPAA violations are entirely unintentional, and that can be the hardest part: protecting yourself from having a problem.
Any time a record, electronic or paper, is left unattended, that can be a reason for a violation. That is the case if the receptionist leaves her desk with records open on her desktop, or if a nurse leaves a chart out at the nurses’ station.
All of these seemingly insignificant actions can cause major problems that lead to fines.
Healthcare employees need to take care that if they are working electronically they sign out of any medical records program every time they leave their desks. Paper records need to be properly filed when not in use.
When records are left unattended, they are susceptible to theft. That is the case both inside the healthcare facility and outside it. If a provider is taking documentation home, they need to be extra certain it is secure when not in use.
7. Lack of Planning
With most HIPAA violations, preventative measures could have kept them from happening. Healthcare organizations and employees open themselves up to the risk of fines (or in more serious cases, jail time) if they do not put proper plans in place.
If every employee in the company is trained in using the same procedures to handle patient personal information, there will be fewer issues. And if issues do arise, employees can let leadership know early on because they are aware of the policies.
No healthcare company wants to be a part of any HIPAA news in 2020 and knowing these common mistakes can help with preventative measures.
What did that old lady down the street always say? Proper planning prevents problems. If you work in healthcare, take a moment to evaluate how you handle patient information, and if you are protecting those records properly.
Once you’ve done all you can do, turn to the security experts (us!) to get the extra help you need to protect against the most common HIPAA violations.