The 8 Most Common HIPAA Violations
As part of your compliance training program, make sure your employees are aware of the most-violated HIPAA laws:
#1 – Disclosing patient information to an impermissible third party.
Your employees should be very careful to avoid gossiping, even if they believe no one will ever find out about their conversation. Unfortunately, sharing information through chitchat with friends, family, and coworkers is one of the most common HIPAA violations. Remind your employees frequently: talking about a patient is against federal law!
#2 – Releasing unauthorized protected health information (PHI) due to incomplete HIPAA forms.
Before releasing any information to outside parties, it is imperative that patients’ authorization forms are completed in their entirety. The form should include the patient’s legal name, the specific information that is permitted for disclosure, and the date through which the authorization is valid.
#3 – Failing to destroy old information.
According to HIPAA law, outdated or incorrect patient information must be destroyed to avoid a breach of PHI.
#4 – Incorrectly disposing of patient information.
PHI should never be discarded in the regular trash can; rather, it should be shredded or burned. Placing signs at trash cans, recycling bins and shredding stations can be a great reminder for employees to dispose of PHI correctly.
#5 – Releasing patient information in an untimely manner.
HIPAA law requires that medical records be released upon request. It is imperative that your employees release information in a timely manner to avoid fines.
#6 – Making errors when storing papers or files.
If you use a paper and storage filing system, sooner or later a document is going to be misplaced; it’s unavoidable with human error. And unfortunately, incorrectly filing a patient’s records can lead to a HIPAA fine. Switching to an electronic filing database can almost completely eliminate this risk.
#7 – Improperly securing or losing computer devices or backup drives.
Stolen laptops, tablets, mobile phones, backup discs, USB drives and the like can cause leaks in patient information. Safeguards should be in place to protect PHI in the event of theft or loss, such as using passwords on electronic devices to verify that the person signing into the device is authorized to access the information.
#8 – Being unprotected from computer hacking.
Again, encryption, firewalls, password-restricted access, and other security measures are imperative for protecting PHI. It may also be a wise investment for your organization to utilize an electronic records database that can be accessed remotely from a cloud to avoid computer hacking and misuse of PHI.
Inadequately trained employees lead to a greater chance of HIPAA offenses
Many of the aforementioned HIPAA violations can be avoided if employees receive adequate and ongoing training on HIPAA law. Don’t let your facility become another statistic! If you don’t have one already, begin and implement a HIPAA compliance training program, and make sure that HIPAA law compliance is included in your written policies and procedures.