READ TIME | 5 MINUTES
Common HIPAA Violations That Can Jeopardize Patient Health Information
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed to help protect patient health information by setting national standards regarding the confidentiality, security and transmissibility of patient data.1 Healthcare providers must abide by these regulations to help safeguard patient health information against data breaches. Organizations that fail to follow regulations are subject to HIPAA violation fines ranging from $100 to $1.5 million and can also face other civil and criminal charges.1
Protecting patient health information should be a priority for healthcare providers. All employees who interface with patient data should have a comprehensive understanding of HIPAA rules and regulations to help secure private information. Below are some of the most common HIPAA violations and security measures to help protect your patients and organization.
Patient Health Information Is Released to the Incorrect Person
Sensitive patient data can accidentally be released to the wrong person. This mistake often occurs via email to patients with similar names. Controls, such as an email encryption service, must be in place to help prevent unauthorized users from accessing patient data by requiring credentials prior to viewing sensitive documents.
Improperly Disposing of Patient Records
Healthcare staff may dispose of patient data in an unsecure manner providing unauthorized users with an opportunity to view private information. For example, a healthcare employee recycles ECG printouts without shredding. ECG connectivity can help reduce the need to record and transfer patient data manually, eliminating a paper trail. Additionally, caregivers must be educated on proper disposal methods such as shredding, burning, wiping of electronic medical records, etc.2
Patient Health Information Is Misplaced
Physical patient records can potentially be misplaced within an office. For instance, a caregiver may leave a patient’s record on the receptionist’s desk allowing access to patient data by unauthorized personnel.3 Eliminate this risk by sending patient data directly to the EMR, which can reduce reliance on paper charts that are easily misplaced and mishandled.
Discussing Patient Data with Coworkers, Friends or Family
Healthcare employees accessing patient information out of curiosity without authorization and discussing findings with others is a common HIPAA violation.4 Medical devices should utilize authentication modalities, such as single- or two-factor authentication, for accessing and transferring patient data.4 In addition, conversations about PHI should be conducted behind closed doors with authorized personnel.4
Sharing Patient Data Via Unsecured Technologies
It’s important for clinicians to have quick and easy access to patient health information. Healthcare professionals may share sensitive data via text messages potentially exposing private information.4 Clinicians should be required to communicate patient health information via technologies that have security controls, such as data encryption, in place to protect patient health information.4
Theft of patient data through stolen laptops, mobile phones, etc., is a HIPAA violation that can result in fines.1 Security measures, like password protected authorization, must be in place to help prevent unauthorized individuals from accessing private documents.1
Patient health information is a target for cybercriminals with malicious intent. It is crucial for healthcare organizations to protect themselves against hacking. Antivirus software should be regularly updated and firewalls installed on all devices containing patient health information.4 In addition, caregivers should create unique passwords and update them frequently as best practice.5 As always, employees should report any threats or suspicious activity to their IT department.
Failure to Participate in HIPAA Training
HIPAA violations commonly occur with employees who are unfamiliar with HIPAA rules and regulations.1 HIPAA law requires all healthcare employees to receive training. The U.S. Department of Health & Human Services provides online training resources to help educate healthcare staff on HIPAA laws.6
Education is key to ensuring employees have the right skills to help defend the organization. Specifically, healthcare employees must have a comprehensive understanding of HIPAA rules and regulations to avoid common HIPAA violations that can put patient data at risk. In addition, network-connected medical devices are being designed with security in mind to help prevent these common HIPAA violations.
Interested in learning more about cybersecurity in healthcare? Be sure to download the Clinician's Guide to Cybersecurity to read more about how you can easily and safely capture, store and transmit patient data with connected medical devices.
1Becker's Healthcare. 10 common HIPAA violations and preventative measures to keep your practice in compliance. https://www.beckershospitalreview.com/healthcare-information-technology/10-common-hipaa-violations-and-preventative-measures-to-keep-your-practice-in-compliance.html. Accessed November 16, 2018.
2Advance Healthcare Network. The 10 Most Common HIPAA Violations. http://health-system-management.advanceweb.com/the-10-most-common-hipaa-violations/. Accessed November 16, 2018.
3I.S. Partners. Common HIPAA Violations and How to Avoid Them. https://www.ispartnersllc.com/blog/common-hipaa-violations/. Accessed November 16, 2018.
4Imprivata. 10 most common HIPAA violations and solutions. https://www.imprivata.com/blog/10-most-common-hipaa-violations-and-solutions. Accessed November 16, 2018.
5GroupOne Health Source. Top 10 Most Common HIPAA Violations. http://www.grouponehealthsource.com/blog/top-10-most-common-hipaa-violations. Accessed November 16, 2018.
6AMN Healthcare. Common HIPAA Violations Nurses Make. https://www.americanmobile.com/nursezone/nursing-news/8-common-hipaa-violations-rns-make/. Accessed December 12, 2018.