Written by: Salman Rashid
HIPAA, which stands for the Health Insurance Portability and Accountability Act, is a monumental piece of legislation in the U.S. that was enacted in 1996 in order to reduce healthcare fraud and facilitate the transfer of workers' coverage when they switch or leave jobs.
Decades later, with several new standards introduced within the law, this Act is now best known for protecting the privacy of patients' and health plan members' medical information, as well as ensuring that health information is kept secure and that patients are notified whenever there is a breach of their information.
As beneficial as it may sound, HIPAA can be devastating for those who do not follow the rules. There are two types of entities that must abide by the rules and regulations of HIPAA: covered entities and their business associates. The penalty for a single HIPAA violation can range from thousands to millions of dollars. HIPAA violations are categorized into four tiers; the more severe and neglected the violation, the higher the tier.
So today, we’ll discuss a few scenarios that can lead to a HIPAA violation so that you can take appropriate actions to comply with the law.
Common types of HIPAA violations
Shortfall in encryption
The risk of leaving Protected Health Information (PHI) unsecured is straightforward. Encryption adds a layer of protection on top of cybersecurity controls and all other best practices. Even if someone is somehow able to get their hands on PHI, whether by theft or by hacking, they won't be able to read the information without the passcode that unlocks it. Even though encryption is not a strict HIPAA requirement, it is highly recommended because it better protects PHI from prying eyes. Many progressive healthcare organizations have also implemented biometric patient identification solutions for enhanced protection.
Shortfall in training
individuals who might come into contact with PHI in the course of their work. However, it's best to provide training for everyone in the organization so they understand the purpose of HIPAA and learn the best practices that protect patients' healthcare data, and thereby protect themselves from fines and penalties. Employees often access PHI inadvertently or violate the law because they do not possess enough knowledge. It is recommended to train all staff members on the law and on the particular policies and procedures set forth by the organization.
Sharing or Gossiping PHI
Gossiping is innate to human beings, and healthcare workers in particular may be tempted to discuss a patient's medical case with their coworkers or in a place where conversations can be overheard. However, PHI should be off-limits unless the other person is involved in the patient's health care. Healthcare workers with access to PHI should also be very careful about the information they share with others. Information might be shared out of curiosity, but the consequences are the same regardless of the intent. Sharing patients' information on social media without their consent is also prohibited.
Disposing of medical records improperly
This is a very common scenario in many healthcare organizations: PHI is disposed of without being shredded first, or in a place where it is visible or can easily be stolen. Either way, if PHI falls into the wrong hands, there could be serious HIPAA consequences. Staff members should understand that PHI contains valuable and sensitive information, such as financial account numbers and Social Security numbers, and that it should be shredded or destroyed before disposal, or wiped from the hard drive.
Avoiding HIPAA violations
There are several other ways HIPAA can be violated. Staff members must be provided with up-to-date and frequent training so that they understand the purpose of HIPAA and avoid actions that can lead to a violation. Healthcare organizations must also understand that HIPAA is not a one-time implementation; it requires continuous development, monitoring, and application. Part of this includes conducting risk assessments to identify potential vulnerabilities and gaps within the practice so that problems can be mitigated before a violation occurs. Many healthcare organizations also use HIPAA compliance software applications to streamline their efforts, some of which are simple, affordable, and very easy to implement and use.
Salman Rashid is an avid reader, loves writing on healthcare issues, and loves all things related to technology, especially PCs and smartphones. He’s also a Digital Marketing Analyst at RightPatient, a platform that helps enhance patient safety across hospitals. He can be contacted at firstname.lastname@example.org.