5 of the Most Common Reasons for HIPAA Violations in Private Practice

Multi-Practitioner Offices

The HIPAA Privacy Act is a federal law that was established in 1996 to set provisions and standards for the protection of personal health information. The rule puts limits and conditions on the use and disclosure of patient medical information. It also gives patients the right to examine their records, obtain a copy, and request corrections. Though most medical practices are very careful to keep their patients’ private health information secure, violations of this act can be costly, with penalties ranging from $100 to $1.5 million per incident. Regular and ongoing compliance training for all employees is one of the easiest ways to prevent the improper use of PHI and reduce the risk of a violation.

Below are a few common HIPAA violations and steps that can be taken to keep your patients’ personal health information secure.

  1. Lack of training - One of the most common reasons for a violation is employees who are not familiar with HIPAA law. Untrained or inadequately trained employees increase the risk of a breach. Implementing a compliance training program and making sure HIPAA law is included in written policies and procedures are some easy steps that can be taken to ensure your practice is compliant.
  2. Authorization requirements - Failing to obtain prior authorization is another serious HIPAA violation that can put a practice at risk for a penalty. If an employee is unsure whether they should release patient information, it is always best to request prior authorization. Also, many employees do not pay attention to the expiration date on a release of information form, and according to HIPAA law, if the form is expired, a new form must be completed.
  3. Employees disclosing patient information - Employees discussing patient information in open areas or to family and friends are other common HIPAA violations that can put a practice at risk. Employees must be mindful of their environment, keep confidential information to themselves, and restrict all conversations regarding patients to private places.
  4. Employees illegally accessing PHI - Employees accessing personal health information (PHI) they are not authorized to view is another common HIPAA violation. To reduce this risk, a practice should implement and enforce user IDs, passwords, and passcodes to discourage employees from accessing files they are not authorized to view.
  5. Improper disposal of PHI - The improper disposal of personal health information (PHI) is another very common HIPAA violation. Outdated or incorrect patient information should always be destroyed. The implementation of policies and procedures to ensure patient data is locked up and properly disposed of is critical to reducing a practice’s risk for a breach. Posting these rules and regulations will help remind employees and potentially prevent a violation.

Prevention is always the best preparation when it comes to reducing your practice’s risk for a HIPAA violation. To ensure the protection of patient data and decrease the risk of costly penalties, it is important that medical practices implement ongoing compliance training for all staff members and regularly update their policies and procedures.