HIPAA was enacted in 1996 and, over time, has evolved into a set of laws that give patients specific rights to safeguard their healthcare information.
Unfortunately, HIPAA cannot completely eliminate breaches caused by human error or malicious intent. Even the most secure cybersecurity technology cannot account for the possibility that a mistake will be made or an oversight will occur. To give you an idea of what you need to be on the lookout for in your organization, we’ve put together this list of the most common HIPAA breaches.
- Employees sharing medical information: Employees gossiping about patients to friends or colleagues is a HIPAA breach that can result in a massive fine. It is important to remind employees of their obligations under HIPAA.
- Mishandling medical files: This occurs when a physician or nurse, by mistake, leaves a chart in a public area where another patient can see it. Printed medical records should be locked away, safely out of the public’s view.
- Missing devices: Devices that go missing with PHI saved on them can result in HIPAA fines. Mobile devices are the most susceptible to theft because of their size; therefore, the necessary security measures, such as password-protected access and encryption of patient-specific data, should be put in place.
- Texting patient information: While sending patient information such as vital signs or test results via text message is often an easy way for providers to relay information quickly, it potentially places patient data in the hands of hackers who could easily access it.
- Social media: Publishing patient-related content on social media channels is a HIPAA violation. While it may seem harmless if no name is mentioned, someone may still recognize the patient. All staff members must be aware that using social media to share patient information is considered a violation of HIPAA legislation.
- Employees snooping: Employees snooping on patient information they are not authorized to view is another very common HIPAA breach. This is illegal and can cost a practice substantially. Also, individuals who use or sell PHI for personal profit can be subject to fines and even a criminal conviction.
- Permission requirements: Written consent is necessary for any use or sharing of an individual’s personal health information that is not for treatment, payment, or healthcare operations, or otherwise allowed under the Privacy Rule.
- Viewing patient details on home computers: The majority of clinicians use their home computers or laptops after hours from time to time to view patient information, record notes, or handle follow-ups. This may lead to a HIPAA violation if the screen is accidentally left on and a family member logs onto the computer.
- No HIPAA training: One of the most common reasons for a HIPAA breach is an employee who has not been trained on HIPAA regulations. HIPAA compliance training is one of the simplest ways to avoid a violation.