Top HIPAA Violations

At Spectra Networks, we work with many businesses that need to remain HIPAA compliant, from dental practices to doctors offices. Maintaining HIPAA compliance for our clients is our top priority as we know the consequences can mean a loss of reputation and a major financial fine. Sadly, according to the U.S. Health and Human Services, data breaches relating to HIPAA violations are occurring at a rate of at least once per day! 

If this statistic doesn’t completely floor you, take a look at the potential cost of the violations. HIPAA violation fines can reach up to $50,000 per occurrence and a maximum annual penalty of $1.5 million per violation. Add to this the loss of reputation and you can see why it's important for medical practices to ensure they are HIPAA compliant at all times.

Since the law’s inception, there have been thousands of violations, some of which have ruined the trustworthiness of the companies involved and years of carefully built reputations. Some examples are the Cottage Health violation that included exposure of ePHI over internet. Another example was the unauthorized filming of patients at Boston Medical Center, Brigham & Womens, and Mass General during filming of a TV documentary series. Still other examples include the Pagosa Springs Medical Center’s failure to terminate employee access which resulted in an impermissible disclosure of 557 patients’ ePHI.

In light of these and other violations in our state, it is really important for employees and business leaders to familiarize themselves with the most common violations so they do not commit the same infraction. Here are a few to take into consideration. 

Home Computer Access 

In our world of being able to work from anywhere at anytime, this issue is becoming more commonplace. Finishing patient charts or catching up on follow-up notes from home on your own time is fine, just be sure that you access the information properly and that you don’t leave any patient data on the screen for anyone to see. In addition, password protection should be used. 

Lost or Stolen Devices 

Many doctors and dental practices have begun using tablets to make it easier for patients to fill out forms and sign releases. Be sure that at the end of the day that all of those devices are accounted for. Any electronic device that may have patient data stored on it should be inventoried and stored safely at the end of every work day. Each device should be encrypted and password protected as well. Mobile devices are the most vulnerable to loss or theft because of their size, and you can be fined in cases of patient data accessed through lost or stolen devices.

Unsecured Patient Files 

Whether your files are digital or still on paper, each patient file should be encrypted and password-secure if digital or locked in a secure filing cabinet, office, or desk if it is paper. IT specialists can help you with maintaining digital files that need to be seen by doctors or how they can be carefully and securely transmitted to other professionals with the permission to view the data. Accessing, storing, and transmitting patient data can be tricky and should be done with compliance in mind. 

Employee Disclosure 

While it is great that medical professionals can collaborate on cases or discuss a difficult diagnosis, it is important that all employees maintain the privacy of each patient. Therefore, training is important for all employees from the top of the food chain down. For instance, there have been circumstances where nurses have collaborated over breakfast at a coffee shop on a difficult case and accidentally mentioned a patient's room number. That one slip up could have allowed people sitting nearby to find out private information. Training employees can help them understand what information can be discussed and what should remain private. 

If your industry deals with HIPAA compliance and you want to evaluate your network’s security, train (or retrain) your employees, and confirm your security protocols, we can help. We have been helping dentists and doctors offices for years to maintain compliance. Call us at 978.219.9752 or visit our website.