eVisit's Blog

10 Signs You're Breaking HIPAA

Posted by Teresa Iafolla, Mar 8, 2016

Keeping your patients’ personal information confidential is an essential part of providing the very best medical care. Your patients expect that you'll keep their protected health information (PHI) private and confidential, and failure to guard it will make them question the quality of healthcare you provide.

We've all heard of HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) requires strict patient confidentiality, and PHI violations can result in significant financial penalties as well as professional sanctions.

But do you and your staff really know all the ins and outs of HIPAA? Are you violating HIPAA without even realizing it? It can be hard to stay in compliance, especially with all the changes to practice software and tools.

Below are ten actions and situations that you may not realize are a violation of privacy according to HIPAA. Keep these actions in mind and review your office policies so that you’re in compliance and your patients’ information is secure.

1. Accessing patient records for former patients who are no longer in your care because of concerns about what may have happened to them. This includes checking the medical records of a friend or co-worker because of concerns about their well-being.

2. Posting private patient information on social media sites, even if the post is done on a personal private Facebook page or Twitter account, or in response to a patient already posting something that breaks confidentiality. Don’t share or post photos of your paperwork or workload on your private social media site, as images can be enlarged to reveal personal health information on paperwork and documents. Don’t share or post photos of patients on your private social media site, even if the photos are taken during non-work hours.

3. Downloading protected health information to unsecured devices such as a cell phone, iPad or laptop in order to make the data more accessible for your job.

4. Accessing medical records to find an address, phone number or contact for personal reasons, such as social events like weddings, parties and other events.

5. Sharing login IDs or passwords, or leaving your computer unattended when logged into a system that contains protected health information.

6. Discussing private health information concerning a current client with their family members without being authorized to do so by the patient, or without knowledge that the individual meets the “involved in the patient’s care” standard.

7. Posting photos of patients or their names, addresses or towns on office walls, such as a “new patient welcome” on office bulletin boards. Patient information such as photos, names and addresses is protected health information under HIPAA, and can’t be shared in this manner without explicit patient authorization.

8. Calling patients in the waiting room by their first and last names in front of other patients or personnel. Instead, approach the patient directly or address them by either their first or last name.

9. Asking patients for personal information that other people may overhear, such as telephone numbers, addresses, birthdates or insurance details. This information is protected under HIPAA, and can be used for identity theft. Instead, ask the patient if anything has changed, or request that they review their private contact information on a computer screen.

10. Leaving patients’ charts or paperwork accessible to other patients on desks or computer screens.

While the privacy rules under HIPAA may seem cumbersome, they're incredibly important. Review your office policies and standards and evaluate your operations to make sure they are compliant. Do you have concerns about your office’s HIPAA compliance? We’d like to hear what situations you feel might unknowingly be compromising patient privacy.

 

Tell us about your HIPAA experiences in the comments!

Topics: eVisit Blog Posts, data security, health information, health security, HIPAA, hipaa violations, PHI, pii, Practice Management

About Teresa Iafolla

Teresa Iafolla is an expert writer, researcher, and content wrangler who has previously worked as director of content marketing for a telehealth company and associate editor for a healthcare publishing company.
