HIPAA violations can be costly for you and your practice, including heavy fines, a damaged reputation, and loss of business. While there are many causes of HIPAA violations, out-of-date technology and data policies are common ones. Your practice may be putting patient information at risk without realizing it.
Using Personal E-mails
Employees may use personal e-mail when discussing company data and sending client documents. This can put classified and patient information at risk from phishing scams.
To avoid phishing, use a protected e-mail network and avoid personal e-mail addresses. Not only is it safer, but it can also protect your practice’s data.
Viruses wreak havoc with data, and here’s a new virus that can cause particularly nasty problems for your practice’s data. To protect your data from threats, make sure your practice’s firewall software is turned on, install anti-malware software, and regularly scan for viruses that can harm your systems.
Unprotected Mobile Devices
Mobile devices, such as laptops, tablets, and smartphones, should be kept in a secure location that is inaccessible to public use or view. Remind employees to update mobile passwords frequently.
A weak password is one of the easiest ways to hack a system. Make sure you are using different passwords for all aspects of your practice. For example, have unique passwords for your mail, customer database, and wi-fi.
Develop a password policy that requires changing passwords every 1-2 months. A password management system like LastPass creates and stores complex, encrypted passwords.
Disposal of Patient Information
Whether your practice stores digital or paper patient information, all files should be properly destroyed so that others are unable to access them. If you have an old computer, copier, or thumb drive, be sure to completely wipe the hard drive clean to ensure any information cannot be recovered. Follow industry guidelines on what documents need to be shredded and when.
Unauthorized Release of Patient Information
Improper disclosure or unauthorized release of patient health records to third parties is a significant HIPAA violation. If your practice is in charge of the patient’s confidential information, then you are responsible for any fines and potential lawsuits. Unless a patient is a dependent, it is illegal to release patient records even to family members without written consent from the patient.