Are You Guilty of These 5 Common HIPAA Violations?
Almost 90% of healthcare facilities have dealt with some form of data breach. That’s where HIPAA (the Health Insurance Portability and Accountability Act) comes in: it was created to keep patient information safe. There are many ways in which HIPAA compliance can be violated, and you may not even know what being HIPAA compliant requires. Below we’ll look at common HIPAA violations as they pertain to information technology (IT).
1. Lost and/or Stolen Devices
A stolen or lost device is likely to be accessed by whoever ends up with it, and the likelihood increases if it’s known to contain PHI (protected health information). On top of that, if the device wasn’t properly secured, you can be fined for violating HIPAA.
Examples of devices include:
- Mobile phones
- USB drives
Any device containing PHI should be kept in a secure location when not in use, and the data on it should be protected so that losing the device doesn’t mean losing the data to someone else.
2. Not Having a Secure Network
Hacking comes in many shapes and forms, including phishing, malware, social engineering, and stolen devices.
Some methods to prevent hacking include:
- Antivirus software
- Encryption methods
- Mandatory password access
- Changing passwords regularly
3. Unauthorized Sharing of PHI
You may not realize you’re sharing PHI, which is why you should make certain before you share it in any capacity, whether that’s talking to other people, texting, or posting on social media. Texting isn’t a safe method of sharing information: if you do end up texting PHI, the messages should be encrypted on both the sending and the receiving side, because unencrypted messages can easily be intercepted. On social media, you might post photos of patients with no name linked to them, yet if anyone recognizes the individual(s) in the photos you could be breaching their right to privacy. You also need to be aware of social engineering (the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes). Make sure you’re sharing information with the right people, and train your employees on what social engineering can look like and how to prevent it.
4. Unencrypted Data
Make sure your information is encrypted; this adds another layer of security. Encryption protects information while you’re sending it and also if your device gets stolen, because it keeps anyone who gains access to the data from reading it. Don’t send emails or texts containing PHI unless they’re encrypted. On top of that, you shouldn’t share any account(s) or password(s) that give access to sensitive information. Make sure you’re accessing PHI from a secure location: don’t access it from an unencrypted home computer, tablet, or mobile device, since home devices can easily be compromised or stolen. What’s more, PHI can be read by anyone nearby if you leave your device unlocked and unattended with no safeguards in place.
5. Lack of Employee Training
A lot of HIPAA violations are avoidable if you train all your employees on HIPAA regulations. Any member of your staff who comes in contact with PHI should receive HIPAA training, and training sessions should be held regularly so that everyone stays compliant and follows any new rules that are introduced.
Common HIPAA Violations
These are only some of the common HIPAA violations out there. It’s very easy to disclose information that should be kept private. That’s why employee training is so important. Properly trained employees will be far less likely to break HIPAA compliance. Review our blog to learn more about how violating HIPAA can impact your business.