Catch HIPAA Violations Before Patient Privacy Is Compromised

Violations of the Health Insurance Portability and Accountability Act (“HIPAA”) are serious offenses that will likely result in heavy fines. If an employee compromises a patient’s private health information, your facility must follow guidelines for reporting that violation. However, it is possible to catch violations before they happen.

If a patient’s protected health information (such as name, date of birth, address, et cetera) has been inappropriately used or disclosed, the manner in which you respond to the issue will be part of the future analysis of the breach. Responding thoughtfully and quickly will help your healthcare facility in the event of an investigation. Here are some practices to keep in mind that will help stop HIPAA violations so you can avoid breaches of privacy.

Don’t send information to the wrong location

Billing and scheduling staff send faxes with patient information to physicians and insurance companies frequently. Dialing the incorrect fax number can have serious consequences. If you send a fax to another covered facility by mistake, you may be able to fix the problem if you act promptly. You should call the office immediately and ask them to destroy the fax. Make a record and note that this action was taken. If allegations of a breach surface some time later, you will need to be able to prove you attempted to resolve the matter before a breach occurred.

Know when to change passwords

Passwords are crucial for protecting sensitive patient data. Sharing your password or leaving it where someone else can find it is a violation of the HIPAA security rule. This issue is likely to result in breaches of patient privacy. If you believe your password has been compromised, change it immediately, and make sure your employees are required to change passwords on a regular basis.

Conduct walkthroughs regularly

If you run a healthcare facility, it is a good idea for you to conduct walkthroughs regularly. This is a good time to catch potential HIPAA violations. Patient data that is visible on desks or computer screens angled towards the public are clear violations. However, these issues can be quickly corrected before a breach occurs.

Wipe information from lost devices

Patient privacy can be breached after an employee loses a computer device such as a laptop, phone, or tablet. If data has been encrypted, the information should be safe. In addition to encrypting these devices, your facility should invest in software that is able to remotely wipe devices if they are lost or stolen. A device should be immediately wiped if it has been lost.

Enforce HIPAA rules

If an employee has intentionally violated a patient’s privacy, it is too late to prevent the HIPAA violation from occurring. Your healthcare facility should have strict written policies for protecting a patient’s information. Employees must be investigated and disciplined when they violate these policies. Enforcing HIPAA regulations within your practice can help show your employees that violations are not acceptable.

If your healthcare practice needs guidance on how to effectively avoid HIPAA violations, contact the professional healthcare attorneys at Brown & Fortunato today. You can call us at (806) 345-6300 or Contact Us by email to learn more about our Practice Areas. You can also visit us in person to set up an appointment and learn more about how we can help your business. We are located at 905 S. Fillmore, Suite 400 in Amarillo, Texas.

This information is subject to change. Please check for updates that are more recent than the published date of this article.