The advent of the HIPAA laws in 1996 radically changed the landscape of how healthcare organizations conducted business. HIPAA (the Health Insurance Portability and Accountability Act) mandates specific guidelines regarding health insurance portability and privacy issues, and these laws are always adapting to keep up with technology.
Many people do not realize that HIPAA violations can be quite costly, with an average violation approaching $50,000 per record, and awarded damages in some cases soaring to over $1 million.
HIPAA violations can also result in criminal charges including jail time, a sobering thought considering many violations are merely mistakes and oversights.
In light of the seriousness of making a mistake in this environment, we have compiled a list of some of the most common HIPAA violations, along with some suggestions on how to avoid them.
Conducting a comprehensive audit of your medical practice’s standards and procedures is a great way to avoid the fines and charges associated with noncompliance.
While this list will give you a solid basis, each practice will need to dig deeper to ensure that they are in full compliance with current laws.
Common HIPAA Violations
- Loose Lips – Chatting about a specific patient situation with a family member seems harmless enough, but it can result in HIPAA violations. Unless the patient has signed a release of information, nobody but the patient and direct caregivers can have access to those records. This means you cannot disclose the medications they are taking, the date of their upcoming surgery, or any details about their condition to any unauthorized persons. Remember, even personnel in your own office are barred from seeing or hearing patient information unless they are authorized to do so.
- Hacks & Cyber Breaches – It hardly seems fair that someone else’s criminal behavior could land your medical practice in hot water. But in the age of electronic health records, patient information must be protected from cyber-criminals. You may not be found in violation, however, if you took appropriate measures to protect your patient data, such as enforcing stringent password protocols, installing firewalls and anti-virus software, and keeping your hardware and software up to date per manufacturer recommendations. You may also wish to remove all paper files and electronic records from your premises and use a managed services firm to store your data offsite in the cloud.
- Improper Disposal of Documents – Sometimes the most ordinary requirements are the ones most often violated. Leaving files open for others to see can cause a HIPAA violation, but so can improper disposal of those same documents, whether in electronic or paper form. Cross-shredding records that are being thrown away is the obvious step, but did you know that most modern photocopiers save an image of every copy on their hard drive? Because many medical practices lease or rent these machines, it is of the utmost importance that the hard drives in copiers and printers are completely wiped of patient records before the machines leave your control.
- Lost or Stolen Devices – There is no doubt about it: our tablets and smartphones have revolutionized the way we do business and share information. But spreading patient information across multiple devices that leave your premises on a regular basis could leave you wide open to HIPAA violations. Something as simple as an email in the wrong hands could be problematic, and access to your patient database could be catastrophic. Once again, it is important to have stringent protocols governing how much information may be transmitted over personal devices, and such devices should be protected with screen locks and stringent password protocols.
- Third Party Compliance – When you outsource any part of your medical practice, such as billing, it is your responsibility to ensure that any third party which may have access to your patient information is HIPAA compliant. If that third party mishandles confidential information, you may be responsible.
- Employee Dishonesty – We don’t like to think that this is a possibility, but some of the largest penalties for HIPAA violations have been handed down in cases of fraud. Medicare and insurance fraud are two of the most serious violations, but they are not the only employee-caused issues. Employees of your practice can be found guilty of a violation for far less flagrant offenses, such as viewing the files of a case they are not working on.
HIPAA was established to ensure that the personal health information (PHI) held by healthcare providers is safeguarded. Having access to this information is an important responsibility and one that should not be taken lightly. Because of the serious nature of these issues, HIPAA violations can result in huge fines and even prison sentences for those involved. It is therefore of critical importance that you, as a health care provider, make every effort to comply strictly with all HIPAA regulations.
If your Sarasota practice is looking for guidance as to how to best manage online records and cyber strategies to remain HIPAA compliant, the experts at Alliance IT are here to help.