Common HIPAA Violations And How To Avoid Them


HIPAA violations are much more common in the workplace than we like to think, and it’s likely that you’ll run into a compliance issue with one of your employees at some point. Don’t panic. Dealing with a HIPAA violation isn’t the end of the world, and if you know what to look out for, you’ll be able to minimize the number of violations that take place at your center.

Common HIPAA violations include:

· Accessing the healthcare information of family members or friends when you are not on the healthcare team treating them.

· Giving a prescription or health information to the wrong person.

· Calling a family member or friend about someone you know being admitted to the hospital or clinic, or revealing their medical condition.

· Sharing your password for PCI medical information with other people.

· Emailing medical information about a patient to friends for gossiping purposes or accidentally sending the information to the wrong person.

· Talking about patients and their treatment in a cafeteria, elevator, or other public place.

· Leaving a PHI workstation without logging off.

· Improper disposal of paper documents and sign-in sheets that reveal patient diagnoses.

· Posting photos of patients to social media or discussing PHI on social media.

HIPAA violations happen in healthcare, but it’s important for you to do everything you can to prevent them at your practice. Providing new and current employees with HIPAA training and refreshers will go a long way towards minimizing your risk of violations. Here are some additional areas you should cover with employees.

Proper Disposal of PHI Information

Sometimes a HIPAA violation can come from something as simple as what’s in the company trash bin. Make sure to warn staff to properly shred or cut any paperwork with PHI on it before throwing it away. Labels and patient IDs should be shredded and put in a locked confidential shred box. When that is not possible, cut or shred plastic IDs so they are not readable. Electronic patient information should be disposed of correctly.

Computer Compliance

All computers should have their own password and software that limits employee access to PCI information. Records should be backed up and stored in a secure place. Computers should be in positions so that others cannot read information as they walk by. Use screen savers when computers aren’t in use, and make sure that sessions expire quickly when not being used. When sending out any emails with PHI information, those emails should be encrypted.

Files and Papers and Communications

When displaying charts in the doctor’s exam room, tape a piece of paper in the holder so no one can read the charts. Leave patient information out of public areas. Do not use patient names in newsletters, articles or blogs without their explicit permission. Always remember to put away folders and paperwork.

Lower your voice when discussing patients in the office and with others. Check the waiting area to make sure patients cannot overhear the office telephone calls. When you leave a message on a phone, keep it brief and professional. Ask patients the best way to contact them about test results or doctor appointments, and familiarize yourself with any other third parties this patient’s information is allowed to be released to.

Put An Employee In Charge of HIPAA Compliance

Putting someone in the office in charge of HIPAA compliance will help with developing and enforcing a checklist. In small offices this can be the office manager, office worker, nurse, or even doctor. Giving all employees training on HIPAA compliance is another job for the compliance officer. Be sure to train them on how to release information to the right sources, inappropriate ways to handle information, and how to handle computer information.

Sometimes you can arrange for a compliance officer from the outside. They can train your staff and monitor your performance on a part-time basis. This is often a good option for larger offices or even hospitals.

At the end of the day, some basic training for employees can help you avoid major HIPAA violations in your healthcare practice. This is an important part of training your employees properly.