HIPAA violations are a constant threat to doctors running a medical practice. Since 1996, the Health Insurance Portability and Accountability Act has been in place, giving physicians and their teams good reason to guard patient privacy closely.
Depending on the type of breach, physicians can be liable for $100 up to $50,000 for each violation, with a maximum of $1.5 million for identical provisions during a calendar year.
Worse than this, some violations can lead to imprisonment in extreme circumstances. (For a full guide to the levels of HIPAA violation, you can review this guide.)
For these reasons, as well as for safeguarding your patients' information, it is very important to know which HIPAA violations to avoid. Essentially, if you violate HIPAA, you're risking the information of your patients, as well as potentially your credibility and reputation as a professional.
Here are several HIPAA violations doctors should avoid:
1) Discussing patient information publicly
If your staff discuss patients' names, addresses or insurance plans at check-in, you are technically breaching patient confidentiality. Make sure patients and office staff have a way to discuss insurance or a change of address in private. Also, create a quiet place for phone calls to take place. Even if you're just calling a patient to set up or confirm an appointment, it is better to do this in a private area if possible.
2) Paper files in Non-Secure Locations
The days of paper charts are fading away, as more and more doctors move to using an EHR for all patient records. If you still use any form of paper documents, be sure not to leave them in unsecured or unattended areas. Also make sure that charts, paperwork and forms patients bring in from other practices are filed and stored securely.
Also, if you are converting from paper documents to an electronic office, be sure to shred any patient records before you dispose of them.
3) Non-Encrypted Email or Sending Incorrect emails
Never underestimate the importance of encryption, even for seemingly innocent files. Using non-encrypted email services, such as Gmail, Outlook, Yahoo and other well-known providers, puts your information at risk of being accessed by attackers. For this reason, you might consider an encrypted email or file-sharing service for pertinent patient information.
Along with this, make sure you are sending patient information to the correct recipient. When sending bulk emails to patients, it is easy to overlook the address a message is being sent to. You can put patients at risk and lose their trust simply because you didn't double-check your recipient or an email attachment. This is one of those areas where slow, steady, careful checking pays off.
4) Unsecured Patient Portals
If you use or are considering creating a patient portal, make sure it requires a secure login, so that personal patient information is not accessible without a username and password.
When it comes to family members who may share information, be sure to get authorisation from the patient first. A good practice is to require identity verification for password reminders, and you might also remind your patients to access their patient portal only when they have a secure internet connection.
5) Non-HIPAA video chat
Some doctors have considered using Skype or FaceTime to communicate with patients. While they are great free platforms for video chat, the reality is that they weren't designed to be HIPAA-compliant.
The challenge is that even though a doctor can ensure their own Internet connection is secure, there is very little they can do to make sure everything is secure on the patient's receiving end. Another alternative is to ensure there is a Business Associate Agreement in place with the vendor. The same issues arise with security for text messaging, so be sure to use HIPAA-compliant texting tools here as well. Ideally, the solution is to use a HIPAA-compliant application designed for telemedicine.
Doctors may commit several HIPAA violations without being fined, but that doesn't mean they aren't a negative for your practice. A data breach of any kind can damage your practice's reputation, even without your knowledge. By treating all patient information with the same caution, you can enjoy the peace of mind that comes with being HIPAA compliant.