10 Common HIPAA Violations (and Tips to Avoid Them!)

Revenue is not the only thing you need to worry about when running an eye care practice! As a practicing optometrist, the responsibility to ensure the Health Insurance Portability and Accountability Act (HIPAA) compliance squarely rests on you.

Though most optometrists (and their staff) are familiar with the stringent HIPAA laws, violations are commonplace. They’re so common that more than 3000 healthcare data breaches were reported between 2009 and 2019, and most of these breaches resulted in the loss, exposure, theft, or disclosure of 230,954,151 healthcare records. This may shock you, but a total of 510 healthcare data breaches were reported in 2019, which translates to almost 1.4 breaches per day. (Source)

Common HIPAA Violations

Here’re 10 of the most common HIPAA violations, the potential damage they can do to your eye care practice.

1. Employees accidentally disclosing patient information: Your employees engaging in a casual discussion with friends or coworkers and disclosing PHI (protected health information) is also a HIPAA violation, which can cost your practice a hefty fine.
2. Carelessly handling PHI: If your practice uses paper charts or records, then your doctors or nurses will be violating HIPAA rules by accidentally leaving a patient’s chart in an exam room for other patients to see it. Forgetting a patient’s lab test results near the public area printer is also a HIPAA violation.
3. Lost or stolen devices: It only takes a few seconds for devices like laptops and cell phones to be lost or stolen. Theft of PHI through stolen or lost devices that contain sensitive patient data is a HIPAA violation.
4. Unauthorized disclosure of PHI:Disclosing PHI to a patient’s family member or even to another medical facility without the patient’s written permission is a HIPAA violation. HIPAA requires the patient’s consent before your employees can release PHI to a third party.
5. Posting on social networks: Posting patient photos or textual information on social networks is a HIPAA violation. Even if your employees do not mention names and other details, someone may recognize the patient, which is a breach of privacy.
6. Illegally accessing PHI: An unauthorized employee accessing a celebrity patient’s PHI out of curiosity is a widespread HIPAA violation. This violation could cost your practice a hefty fine or your employee his or her job and even jail time.
7. Not implementing safeguards: HIPAA mandates all hospitals and healthcare facilities to take responsibility for protecting PHI. This includes conducting risk analyses, keeping PHI secured, installing HIPAA compliance software, and making PHI available to authorized people. Not complying with these mandates is a HIPAA violation.
8. Accessing PHI on unsecured devices: Most providers use their home computers after work hours to access PHI to record notes. This could result in a HIPAA violation if a family member uses the computer and sees the patient information.
9. Lack of employee training: Uninformed or unaware employees are the most common reasons for HIPAA violations. HIPAA requires all employees who come into contact with PHI to receive training. The inability to educate employees on HIPAA policies is a violation of the law.
10. Using paper-based medical records:Paper-based medical records are vulnerable to HIPAA violations. Even with all the security best practices in place, criminals will find ways to misuse PHI, even if they find a lab test report lying in a trashcan.

Tips to prevent HIPAA Violations

Follow these best practices to ensure HIPAA compliance:

1. Train employees: Effective and regular employee training plays an integral role in preventing HIPAA violations. Your staff needs to understand what constitutes HIPAA violations, penalties they will face if compliance is not maintained, and how to prevent HIPAA violations.
2. Protect portable devices:  Stolen mobile phones, laptops, or tablets can cause patient data to leak. Make sure portable devices are stored in a secure location and are password protected and encrypted. Using a cloud-based EHR system that does not store data locally on devices can help resolve this issue.
3. Enable firewalls: Enabling technologies like encryptions and firewalls on computers and laptops can remotely lock the device or wipe the information using a software program. These protections can serve as backup plans if the device gets stolen or misplaced.
4. Store/dispose of patient records properly: Training your employees to be extra careful when filing, storing or shredding patients’ data. Switching to EHRs with HIPAA compliance software and converting your paper-based medical records into electronic medical records is the best way to avoid this violation.
5. Limit employees’ access to patient data: Restricting access will reduce the risk of both physical and electronic data theft. To prevent physical data theft, you can install door locks or biometrics. To prevent electronic data theft, consider installing a reliable EHR system with robust security features.
6. Use social networks responsibly: No employee should be allowed to post anything – text or images- about your practice or patients. A firm social media usage policy and employee training can help prevent HIPAA violations.

Conclusion

Failure to protect PHI can lead to costly HIPAA violations. Often, the damage is not limited to fines. You may also lose revenue due to a damaged reputation and lost patients, as most patients will not come back to your practice after their personal information is compromised. You can avoid HIPAA violations by conducting regular employee training and adhering to safety measures.

Interested in learning more about HIPAA compliance?

Contact us. Our experts will be happy to schedule a complimentary demo to show you how installing Electronic Medical Record (EMR) system is the right approach to staying HIPAA compliant.