With fines for HIPAA violations ranging from $50,000 to $1.5 million per violation and a maximum annual penalty of $1.5 million, it’s critical for medical practices to stay HIPAA compliant at all times.
While every potential HIPAA violation should be treated as a hazard to your medical practice, some are more prevalent than others.
It’s difficult to keep up with the latest updates and prevalent violations because HIPAA laws are complex and ever-changing. By ensuring that your staff is well-trained on HIPAA compliance and is aware of the most common infractions, your practice can better protect itself against them.
We’ve put together a list of the top 5 HIPAA infractions so that your clinic may take the appropriate precautions to avoid them.
- Keeping Unsecured Records
As part of their training, all employees should be expected to store papers containing PHI in a secure location at all times. PHI-containing physical files should be kept locked away in a desk, filing cabinet, or office. Digital files should require secure passwords to access, and the files should be encrypted whenever possible.
- Unencrypted Data
The risks of leaving PHI data exposed without encryption are obvious. If a device containing PHI is lost or stolen, encrypting the data adds another layer of security. If a password-protected device is accessed in some way, such as by hacking, encryption adds an extra layer of security. Encryption is highly encouraged, even if it is not a strict HIPAA requirement.
- Lack of Employee Training
It’s critical to carefully educate every employee who comes into contact with PHI on HIPAA requirements and compliance. Employee HIPAA training is more than a suggestion; it’s a legal requirement under HIPAA.
- Gossiping / Sharing PHI
Although general gossip or chitchat by the water cooler can be harmless, PHI should always be off-limits. When talking to co-workers, there is no reason to discuss PHI. Plus, doing so comes with a hefty fine.
- Unauthorized Release of Information
This infraction is most common when members of the media reveal PHI about public officials and celebrities. It can also occur when medical workers release PHI to unauthorized family members, as only dependents and those with a Power of Attorney are permitted access to a family member’s PHI.