5 Common HIPAA Violations and 5 That May Surprise You


You probably already know that HIPAA violations are rampant across the country, and that as much effort as you may put into encryption software and computer passwords, some protected health information (PHI) may still fall into the wrong hands. What you may not realize is that HIPAA violations can happen in some very unlikely places.

Check out five examples of common HIPAA violations and five examples that most practices don’t see every day.

5 Common HIPAA Violation Types

As most practices are aware, HIPAA-covered entities may share PHI when authorized and also for purposes of treatment, payment, and health care operations. But sometimes, healthcare staff may still violate HIPAA, such as in the following common instances:

  • You send a patient’s medical record to the wrong fax number.
  • You stop paying the encryption software subscription fee and your medical records are hacked by a third party.
  • A parent calls you for information from their child’s record and you share details with them over the phone without checking whether they’re authorized to get that information.
  • Your employee loses an iPad that has PHI on it.
  • You move your paper medical records out of a storage facility but accidentally leave one box behind.

Although these seem like mistakes that no practice would make after so many years of training, issues like these still occur every week, so it’s essential that you stay vigilant.

5 Uncommon HIPAA Violations

Even if you’re watching closely to ensure you don’t make any of the mistakes profiled above, you could still create a HIPAA violation. Following are a few less common examples.

  • You post a photo to Facebook of your front desk staff to celebrate employee appreciation day, but a patient can be seen in the background.
  • You respond to a negative online review, explaining your side of the story, inadvertently revealing details about the patient on the internet.
  • A nurse photographs a newborn baby at the hospital and shares it with her friends, saying “Remember Susan Jones from high school? She just had a baby here — look how cute.”
  • You send out a practice newsletter that shows the email addresses of all patients in the “To” line instead of anonymizing them.
  • Your practice treats celebrities and hangs their pictures on the wall along with a sign saying that they’re “satisfied patients.”

Remember that the HIPAA laws are extremely clear — you cannot reveal any protected health information about a patient, identify patients at your practice, or review their medical records without a medically necessary reason. With steep fines and penalties, it’s essential to ensure that your practice doesn’t commit any HIPAA violations.

There’s so much more to know if you want to stay compliant with the HIPAA laws, but expert Tracy Bird, FACMPE, CPC, CPMA, CEMC, CPC-I is here to help! During her 60-minute online training event, Head Off Front Desk HIPAA Nightmares, she’ll share the facts that can help you protect patient privacy and stay compliant. Sign up today!

