7 HIPAA Violations & How You Can Prevent Them
Do you know whether your Physical Therapy practice meets HIPAA compliance requirements? If it does not, HIPAA violations could cost you.
HIPAA violations typically result in fines per offense ranging from $100 to $50,000. There is a cap on the amount a single organization can be fined annually, but it is an astounding $1.5 million. In addition to these fines, state attorneys general can pursue civil actions, and breaches affecting more than 500 patients must be reported to the media. Suffice it to say that most businesses simply cannot afford that kind of financial loss in a calendar year, nor can they easily recover from a destructive media onslaught.
To avoid expensive fines and negative publicity, administrators need to ensure that both their operating systems and their policies and procedures are updated regularly. Employees should also receive compliance training, both at hire and on an ongoing basis.
7 Of The Most Common Yet Preventable HIPAA Violations
Make sure you are aware of the most-violated HIPAA laws:
#1 Disclosing patient information to an unauthorized third party.
You should be very careful to avoid gossiping, even if you believe no one will ever find out about your conversation. Unfortunately, sharing information through chitchat with friends, family and coworkers is one of the most common HIPAA violations. Remind your employees frequently: talking about a patient is against federal law!
#2 Releasing unauthorized Protected Health Information (PHI) due to incomplete HIPAA forms.
Before releasing any information to outside parties, it is imperative that the patient's authorization form is completed in its entirety. The form should include the patient's legal name, the specific information that is permitted for disclosure, and the date through which the authorization is valid. (See a sample HIPAA authorization form here.)
#3 Failing to destroy old information.
According to HIPAA law, outdated or incorrect patient information must be destroyed to avoid a breach of PHI.
#4 Incorrectly disposing of patient information.
PHI should never be discarded in the regular trash can; rather, it should be shredded or burned. Placing signs at trash cans, recycling bins and shredding stations can be a great reminder for employees to dispose of PHI correctly.
#5 Making errors when storing papers or files.
If you use a paper-based filing system, sooner or later a document is going to be misplaced; with human error, it is unavoidable. Unfortunately, misfiling a patient's records can lead to a HIPAA fine. Switching to an electronic filing database can almost completely eliminate this risk.
#6 Improperly securing or losing computer devices or backup drives.
Stolen laptops, tablets, mobile phones, backup discs, USB drives and the like can lead to leaks of patient information. Safeguards should be in place to protect PHI in the event of theft or loss, such as requiring passwords on electronic devices so that the person signing in is verified as authorized to access the information.
#7 Being unprotected from computer hacking.
Again, using encryption, firewalls, password-restricted access and other security measures is imperative for protecting PHI. It may also be a wise investment for your organization to use an electronic records database that can be accessed remotely through a cloud service to avoid computer hacking and misuse of PHI.
About the Author
Jami Cooley is a registered nurse with certification in Chemotherapy and Biotherapy received at M.D. Anderson hospital in Houston, Texas. Jami began her nursing career in oncology and hematology administering chemotherapy treatments.
Jami is a Certified Nutrition and Wellness Consultant and member of the American Fitness Professionals Association and the American Nutrition Association.