Four Common HIPAA Violations and How to Avoid Them

With $23 million in fines issued, 2016 was an unprecedented year for HIPAA violations. It doesn’t look like the Office of Civil Rights is slowing down on issuing these fines in 2017, either. Learn about four common HIPAA violations many people overlook and how you can avoid them.


Mishandling Medical Records

If you’re still keeping patient records on paper, you run the risk of having them exposed. Don’t leave medical records in exam rooms or at the billing desk. They should be filed and locked away to prevent records from falling into the wrong hands.

Some practices or medical groups have disposed of medical records improperly. Take proper steps to prevent this violation, and consider working with a secure document shredding company. To learn about proper disposal methods for protected health information, visit the U.S. Department of Health and Human Services website.


Social Media

Social media has become a way of life for most of us. When it comes to HIPAA, there are some precautions that must be taken. Never post a photo of a patient without written consent. Without the proper consent, you’re compromising the patient’s protection. Ensure all employees are aware of the HIPAA policies in place to prevent them from sharing any PHI. This is one of the best ways to prevent a legal pitfall.


Employees Disclosing Information

Watercooler talk about patients should always be avoided. Employees should be mindful of where they’re discussing topics about patients and who they’re discussing it with. Keep work conversations with friends and family to a minimum and avoid sharing PHI with them.

Common in smaller towns, asking a medical professional about a friend is considered a breach as well. If you find yourself in this situation, it’s important to have a canned response explaining that you can’t disclose any information about a patient.


Accessing Patient Information on Home Computers

Sometimes you have to take your work home with you. Whether you’re updating patient notes or records, your computer should never be left alone or without password protection. Having PHI exposed to family members or shared on the wrong online channels can lead to significant fines.

If you must leave your computer or device unattended, store it somewhere it cannot be seen to prevent theft. Practices have faced heavy fines after devices with PHI were stolen or accessed by the wrong people.