Avoid hefty fines and understand the most common HIPAA violations.
The Health Insurance Portability and Accountability Act (HIPAA), which was passed by Congress in 1996 contains provisions that may seem complicated, but it is important to make sure that all personnel at health care practices understand HIPAA compliance issues. Do you need to be HIPAA compliant? The short answer is this: if you handle protected health information (PHI), then absolutely yes, you need to be HIPAA compliant. You open yourself up to potential civil and criminal penalties as a result of violations. What are the most common HIPAA violations?
Improperly storing papers and files.
If you use paper and storage filing system, you must avoid human error and make sure you have a tight system that keeps information protected at all times. Unfortunately, improperly filing a patient’s records can lead to a HIPAA fine.
Improperly securing computers and backup drives.
Stolen laptops, tablets, mobile phones, backup discs, USB drives can cause leaks in patient information. Safeguards should be in place to protect PHI in the event of theft or loss such as using passwords on electronic devices to verify the person signing into the device is authorized to access the information.
Not using modern technology, like encryption for computers.
Using encryption, firewalls, password-restricted access, and other security measures are imperative for protecting PHI. It may also be a wise investment for your organization to utilize an electronic records database that can be accessed remotely from a cloud to avoid computer hacking and misuse of PHI.
Inadequately training personnel.
You must enlist procedures to limit who can access patient health information, and training programs about how to protect patient health information. Failing to do so can mean an abundance of fines due to lack of education, which leads to costly mistakes.
Improperly destroying PHI.
PHI should never be discarded in the regular trash can, rather it should be shredded. Placing signs at trash cans, recycling bins and shredding stations can be a great reminder for employees to dispose of PHI correctly. According to HIPAA law, outdated or incorrect patient information must be destroyed to avoid a breach of PHI.
Working with a certified document destruction specialist like Legal Shred can help you maintain HIPAA compliance. With routine service and employing the use of one of our locked security bins in your office, Legal Shred can provide a document maintenance and disposal program that meets HIPAA destruction requirements.
- Guidelines for Medical Record Shredding
- Hospital Discharge Paper Shredding & Identity Protection
- Dermatology Practice Get Hits With Fine for Thumb Drive Breach