Are You Accidentally Violating HIPAA Regulations?

In a busy medical office, it’s hard to keep track of each and every HIPAA regulation, and accidental HIPAA violations can easily occur. 

In many cases, practices that begin compliance examinations discover multiple violations already in place, before they or their users even realize they’ve done anything wrong.

Unfortunately, violations can lead to stiff fines if you’re caught breaching regulations. Every year, the U.S. Department of Health and Human Services receives approximately 4,000 complaints about HIPAA violations. Make sure your office isn’t on the list by avoiding these common HIPAA-related “trouble areas.”

Accident #1: Exposing Confidential Information to Other Patients

Although everyone in your office understands it’s important not to discuss one patient with another or provide information to a family member without a signed release form, your team may not realize just how easy it is to accidentally expose protected information to the next patient in your exam room or even the entire waiting room.

Keeping patient information private requires scrupulous attention to the way your entire office handles files and all possible forms of patient information.

It’s easy to say, but harder to remember: Don’t leave anything containing Protected Health Information (PHI) unprotected where other patients can see it, and always sign out of (or lock) any computer screens that contain patient information before showing the next patient into an exam room.

Keep in mind, even simple info such as an address is considered private information. It’s far better to ask patients to review forms than to rattle off an address to verify if the one listed is current.

Accident #2: Neglecting Your Computer Network

Patient records are a treasure trove of information for identity thieves and cybercriminals. Once they hack into your system, it’s game over.

In one fell swoop, the bad guys suddenly have unlimited, centralized access to patient names, addresses, social security numbers and credit card information.

Your firewall stops thieves from accessing your system, but no firewall can do its job properly with its hands tied (that is, when it isn’t kept up to date).

Make sure your IT services resource sets your network firewall to receive automatic updates and regularly monitors and checks your log files for signs of attempted intrusions.

From there, make sure your office team doesn’t ignore alerts. Any time you suspect a breach, reach out to your managed services provider, and make sure HIPAA reporting procedures are followed for any computer breaches if your office falls victim to a malicious attack.

Accident #3: Being Lax with Your Laptop

Thanks to your laptop, you’re no longer chained to the office computer. Now you can take your work home with you and not miss out on family time!

That being said, no matter the setting, you must stay vigilant and not let a relaxed family setting lull you into being careless. After all, ePHI is still protected by HIPAA, be it at the office or inside your home.

It may seem simple, but it is imperative that you do not leave information on your screen, even if you’re only leaving the room to get a glass of water.

Password-protect your laptop, close out all screens and tabs when not in active use, and make sure to keep your computer locked away when it is not in active use.

More specifically, with the increasing rates of automobile theft in the San Francisco Bay Area, save yourself the time, money and headache of having to file a technology incident report and make sure you do not leave your computer unattended in your car.

Accident #4: Texting Confidential Information

Texting is one of the fastest ways to share information with another medical professional, but it sends that information into cyberspace where anyone can potentially access it.

Make sure all users know the rules:

- Don’t text unless you’re using a special encrypted program to send texts.
- Only send those texts to other people if you’re positive they’re using the same appropriate program.

By keeping these potential problems in mind and educating your staff about HIPAA basics, you can avoid a costly, and potentially embarrassing, violation.
