Identifying And Resolving HIPAA Violations

Tuesday, July 19th, 2016

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to modernize the healthcare system and to make it easier for people to secure their confidential medical information. With the rapid expansion of electronic communication through the internet, HIPAA was expanded to cover all verbal, written, and electronic communications. HIPAA also covers electronically stored information, such as billing and transmission of claims information.

Twenty-first century healthcare requires coordination of records and efficient communication between healthcare providers, including hospitals, outpatient facilities, pharmacies, and doctors’ offices, to maximize effectiveness. HIPAA was designed to harness these developments in medicine while simultaneously securing patient information.

What information is protected?

HIPAA defines protected health information as just about everything connected to a patient. For example, HIPAA covers personal information such as names, addresses, phone numbers, and any other identifying information. This information also includes healthcare details like lab results, doctor’s notes, prescription records, and communications. Personal information can even include the fact that a communication occurred, like a meeting with a psychologist or therapist.

Where do violations occur?

One of the most vulnerable places for a HIPAA violation in a hospital is the pharmacy. Pharmacies are often staffed with personnel (other than pharmacists) who are not trained as well as nurses and other medical staff. Also, there is significant risk of a HIPAA breach when other employees or contractors, like janitors and document destruction companies, have access to patient records in a health care provider’s office. These situations are potential places for HIPAA violations if patient information is not secured properly. Thorough training programs and compliance classes are a good way to stave off these risks.

Understandably, complying with the strict HIPAA records requirements is not entirely instinctual. It is natural for people to assume that they can discuss confidential information among their peers. However, the tendency to over-share needs to be controlled or HIPAA violations will occur.

The minimum necessary standard

The minimum necessary standard requires that health care providers use or disclose only the amount of patient information that is reasonably necessary to provide patient care. For example, a physician in a hospital would likely need access to a patient’s entire medical record. However, an employee in the hospital’s billing department would only need access to limited information about the patient to bill and collect for the services provided.

Can you trust your employees to record or access only what information is necessary? Case-by-case decisions slow down services and are prone to inconsistencies. Instead, providers should develop standard written policies that address what is considered minimally necessary. The policies can be used for areas that confront similar situations, like pharmacy intake, dispensing medicine, and intake of patients.

What can be done to prevent HIPAA violations?

Employees need to be trained to ensure that all paperwork, including prescription drug labels, bills, and other documents, is disposed of appropriately. Papers that contain protected health information should always be securely shredded.

Your facility should use password-protected computers to ensure that only authorized personnel can access them. The software should be set up to allow each individual access only to the information that is necessary to fulfill his or her job duties. Computer passwords should be subject to regular audit and review. The more frequently passwords are changed, the less likely it is that information can be accessed improperly.

Complying with HIPAA regulations is a combination of training and controlling who has access to information. It is not natural for people to be secretive among their friends or colleagues, but patient information must be secured to prevent HIPAA violations. One of the best ways to instill these habits is to make them part of a regular routine.

If your company needs guidance on how to effectively avoid HIPAA violations, contact a healthcare attorney at Brown & Fortunato. You can reach us by calling (806) 345-6300. You can also contact us by email or stop by our office to set up an appointment and learn more about our practice areas. We are located at 905 S. Fillmore, Suite 400 in Amarillo, Texas.

This information is subject to change. Please check for updates that are more recent than the published date of this article.