What do you need to know and what do you have to watch out for?
It is very important that you avoid some of the most common HIPAA violations:
Sending texts containing PHI.
Improper mailing or emailing of PHI.
Failure to monitor and maintain PHI access logs.
The omission of a HIPAA-compliant Business Associate (BA) agreement with vendors before allowing access to the information system containing PHI.
Accessing patient information on a personal device or home computer.
Inadequate or missing limitations on who may view PHI.
Failure to remove access authorization from employees who no longer have a reason to access PHI.
Poor training to ensure that employees understand the many HIPAA requirements and guidelines.
Lack of documentation of HIPAA compliance efforts.
Lost or Stolen Devices
If any device belonging to a person who has access to PHI is lost or stolen, it is a direct violation of HIPAA. That is why it is vitally important to keep track of your mobile devices. It's also worth having remote-wipe systems in place in case a device goes missing.
Employee Disclosure of PHI
Discussing a patient’s condition, medications, or any personal data with co-workers or friends is a direct violation of HIPAA regulations.
Improper Disposal of Medical Records
Electronic information that is deleted must be tracked and logged.
When in doubt, employees should seek the advice and training of their IT or compliance team to properly dispose of PHI records.
Mishandling of Records
Photocopiers are a high-risk zone for mishandling of PHI.
Most photocopiers feature a storage drive that saves and collects a document to let employees retrieve it at their desk or to re-print at a later time. If the person creating the resulting document forgets to close their session, the following employee
Failure to Conduct a Risk Analysis
The HIPAA Security Rule and the HHS mandate that healthcare organizations perform a risk analysis. The risk analysis helps organizations discover opportunities and vulnerabilities in their computing system. If the results indicate issues with confidentiality, integrity, and availability of electronic PHI held by the healthcare organization, the organization may correct the issue. Left uncorrected, the findings may result in HIPAA violations.