Potential HIPAA Security Violations

By Adrian Johansen, freelance writer; @AdrianJohanse18.

Your health is the most personal part of your life. Going into a doctor’s office or hospital makes a person feel vulnerable, even if they’re only there for a routine checkup. There’s an unspoken trust between patient and doctor that whatever is discussed or recorded will remain private. When your protected health information (PHI) gets out, either accidentally or purposefully, it can be embarrassing and seriously affect your life.

The Health Insurance Portability and Accountability Act (HIPAA) has been around since 1996. It was created to formalize data and privacy security requirements so that PHI remains safe. Healthcare administrators and staff such as nurses who work with patient records must be trained in these regulations, and they also must know how to handle HIPAA violations.

The growth of HIPAA violations

HIPAA compliance has always been important, but it’s become even more of a hot topic in recent years as the number of data breaches has climbed. Between 2009 and 2015, HIPAA violations occurred mainly because of loss or theft of healthcare records and PHI. Encryption and improved policies reduced those types of breaches. From 2015 to 2018, top causes of HIPAA violations included hacking incidents and unauthorized access and disclosures. There’s more than one healthcare data breach reported per day, and nearly 190,000,000 healthcare records have been stolen or exposed since 2009.

Common HIPAA security violations

A HIPAA violation involves the loss of, or unauthorized access to, PHI. This includes identifying information that gets out, such as the patient’s name, date of birth, contact information, photos, or healthcare records. A data breach may occur when:

If a HIPAA violation occurs, an incident report has to be filed with the Department of Health and Human Services, and any individual affected by the HIPAA breach has to be notified. Failing to notify the individual of the breach within 60 days is another type of HIPAA security violation.

How to stay HIPAA compliant

Every medical office should have a designated security officer who is responsible for creating, launching, and managing a compliance program. The security officer will create safeguards so that PHI remains confidential, ensure that PHI access logs are maintained, and conduct regular risk analyses. He or she will also control who is able to view PHI and will create a process for terminating PHI access when the employee no longer requires it. The security officer should also arrange for HIPAA training.

Here are a few more ways to stay compliant:

Your security officer should help set up all of these processes. However, if you can’t hire an in-house security officer to ensure your organization stays HIPAA-compliant, consider working with a managed service provider that specializes in HIPAA compliance. A HIPAA data backup plan is also key.

Everyone is a patient at one point or another — even a doctor, nurse or health insurance rep. That means that everyone who works for a medical organization should understand why it’s so important to protect a patient’s health information. PHI data breaches are scary for patients; they have to worry that their personal information will be exposed to the world or that a cybercriminal will steal their identity.

Healthcare companies have to be concerned, too. Not only can HIPAA violations and data breaches cost them money, but they can also destroy the business’ reputation. By being aware of common violations and knowing how to prevent them, medical companies can keep themselves and their patients safe.

