5 Common HIPAA & HITECH Violations (& how to avoid them)
At first glance, advice to avoid HIPAA and HITECH violations seems obvious: Don’t gossip about patients. Don’t make patient medical records visible to others. Don’t access ePHI on your home computer (without the proper set-up). If avoiding violations were easy, however, businesses around the U.S. wouldn’t cough up millions each year in fines. We here at Frontier IT in Colorado Springs review five common violations and discuss how to avoid them.
Violation: Talking or posting to social media about patients.
Avoid by: Keeping quiet.
You may not be divulging a patient’s health condition. Perhaps you’re simply sharing that you ran into so-and-so at your medical office. Innocent enough, right? Wrong. Providing information to others that identifies someone as a patient is a HIPAA violation, even if medical conditions, medications and the like aren’t revealed.
Violation: Accessing patient records on your personal phone or computer without proper set-up.
Avoid by: Ensuring that your medical business uses a secure, HIPAA-compliant file sharing and collaboration platform.
This is an easy fix, actually. Autotask Workplace allows team members to safely access, manage, organize and share files anywhere, from any device. It enables productivity by allowing individuals or teams to work on documents in real time, without fear of security breaches. (Interested in getting your medical office set up with Autotask Workplace? Contact a managed service provider like Frontier IT today.)
Violation: Snooping in a patient’s medical record.
Avoid by: Just don’t.
It’s okay to read through patients’ files for entertainment, so long as you don’t discuss your findings with others, right? Actually, no — and this is one of the more common HIPAA violations, according to the Modern Medicine Network. There are two common scenarios, a lawyer told the website. The first: A neighbor comes into the doctor’s office, and an employee takes a peek at his record to see why. The second: A hospital employee hears about a high-profile crime that results in the suspect being injured and transported to the hospital, and looks at the patient’s file to see how he’s doing. Even if those employees keep quiet, reputational damage has been done to the patients. A breach is a breach is a breach.
Violation: Allowing patients’ records to be viewed by those not involved in their medical care.
Avoid by: Keeping the records secure — physically and digitally.
There are many ways prying eyes, both inside and outside of your medical office, could gain access to your patients’ records — if they’re left unattended in your office, if your internet connection isn’t secure, or if malware makes its way onto your computer when an unsuspecting employee downloads an infected attachment. Aside from training your employees to take due caution when handling medical records, one of the best things you can do is partner with a managed service provider, or MSP, to ensure your medical business’s electronic protected health information, or ePHI, is safe, backed up digitally as required by HITECH and recoverable in case of disaster. MSPs specialize in working with small- to mid-sized businesses that don’t have their own IT departments. An MSP can tailor an affordable service plan to your business, offering only what you need, such as server and network monitoring or disaster recovery planning.
Violation: Not training all of those with access to patient information — including interns, volunteers, contractors and even employees who have access to ePHI but have no need to access it — on HIPAA compliance.
Avoid by: Training everyone.
This is pretty self-explanatory. While it might be inconvenient to train absolutely everyone with access to the ePHI your company handles, HIPAA requires it. It’s an investment, really.
Here’s a fun fact: Frontier IT is a managed service provider, not a medical office. But we work with ePHI when serving our medical-office clients, so guess what? We test all of our employees annually to verify that they understand HIPAA guidelines.
What’s more: Our extensive security policies and procedures are audited by a third party to ensure HIPAA compliance.
We hate tooting our own horn, but we’re going to make an exception here: We’re excellent at what we do. If you’re looking for an MSP to partner with your medical office, give us a ring today or drop us a line. We’d love to meet you where you are and help your business thrive.