5 of the Most Common Reasons for HIPAA Violations in Private Practice
The HIPAA Privacy Act is a federal law that was established in 1996 to set provisions and standards for the protection of personal health information. The rule puts limits and conditions on the use and disclosure of patient medical information. It also gives patients the right to obtain a copy, examine, and request corrections to their records. Though most medical practices are very careful to keep their patients’ private health information secure, violations of this act can be costly with penalties ranging from $100 to 1.5 million per incident. Regular and ongoing compliance training for all employees is one of the easiest ways to prevent the improper use of PHI and reduce the risk of a violation.
Below are a few common HIPAA violations and steps that can be taken to keep your patient’s personal health information secure.
- Lack of training - One of the most common reasons for a violation is employees that are not familiar with HIPAA law. Lack of training or inadequately trained employees increases the risk of a breach. Implementing a compliance training program and making sure HIPAA law is included in written policies and procedures are some easy steps that can be taken to ensure your practice is compliant.
- Authorization requirements - Lack of obtaining a prior authorization is another serious HIPAA violation that can put a practice at risk for a penalty. If an employee is unsure whether they should release patient information, it is always best to request prior authorization. Also, many employees do not pay attention to the expiration date on a release of information form, and according to HIPAA law if the is expired a new form must be completed.
- Employees disclosing patient information - Employees discussing patient information in open areas or to family and friends are other common HIPAA violations that can put a practice at risk. Employees must be mindful of their environment, keep confidential information to themselves, and restrict all conversations regarding patients to private places.
- Employees illegally accessing PHI - Employees accessing personal health information (PHI) they are not authorized to is another common HIPAA violation. To reduce this risk a practice should implement and enforce User IDs, passwords, and passcodes to discourage employees from accessing files they are not authorized to view.
- Improper disposal of PHI - The improper disposal of personal health information (PHI) is another very common HIPAA violation. Outdated or incorrect patient information should always be destroyed. The implementation of policies and procedures to ensure patient data is locked up and properly disposed of is critical to reducing a practices risk for a breach. Posting these rules and regulations will help remind employees and potentially prevent a violation.