10 Examples of HIPAA Violations
HIPAA violations are nothing to scoff at. These days, the minimum fine stands at $50K and can grow as large as $1.5 million for each provision of the rules. As such, healthcare professionals and insurance adjusters are all feeling the pressure, and are trying to do whatever they can to prevent falling out of compliance. But in order to stay out of trouble, you must first understand which mistakes to avoid. Here's a look at 10 common HIPAA violations:
1. Absence of a "Right to Revoke" Clause
When creating your facility's HIPAA forms, you must take care to inform patients of their right to revoke the permissions they have given for the disclosure of their confidential medical information to specific parties. Without this information, the HIPAA form is invalid, and any subsequent information released to a third party will be in violation of HIPAA regulations.
2. Release of the Wrong Patient's Information
Although it may seem obvious, the release of the incorrect patient's information can occur through careless mistakes. If your facility contains records for two patients with the same name, for example, you and your staff must be trained to correctly file all medical records, and release documents only for the authorized patient.
3. Release of Unauthorized Health Information
When releasing information, it is imperative that you and your staff carefully verify that the requested documents have been approved for release. A patient may have requested that specific elements of their record (e.g., mental health, alcohol/drug treatment, etc.) not be released, whereas others may choose to share their entire record with a specific entity.
4. Release of Information to an Undesignated Party
In addition to verifying which PHI has been approved for release, you must ensure that the specific recipient's authorization is in place. If the HIPAA authorization permits Jane Jones from ABC Insurance to receive a patient's healthcare record, for example, Mike Jones from ABC Insurance may not issue a request for the information. Only the exact person(s) listed on the patient's authorization form may receive confidential medical documents.
5. Failure to Adhere to the Authorization Expiration Date
Patients have the right to set an expiration date for their HIPAA authorization forms. If ABC Insurance is only authorized to receive a patient's PHI through a six-month window, you and your staff must be sure not to release confidential records beyond the authorization's expiration. After that date, you will need to contact the patient and obtain a new HIPAA form before information can be submitted to the requestor.
6. Lack of Patient Signature on HIPAA Forms
Never release a patient's information to an outside party without verifying that the HIPAA form has been signed by the patient.
7. Improper Disposal of Patient Records
Failing to shred PHI before disposal could lead to disastrous consequences. If the confidential document(s) land in the wrong hands, your facility could receive fines and be dragged into court.
8. Unprotected Storage of Private Health Information
According to Healthcare IT News, the most common culprit behind HIPAA violations is stolen laptops. When doctors or insurers store private information on an unsecured laptop, mobile device, or thumb drive, it could easily be stolen, sold, and disclosed.
9. Failure to Promptly Release Information to Patients
Per HIPAA regulations, patients have the right to quickly obtain electronic copies of their medical records upon demand. If your system is disorganized, or if the requested information is lost, you could end up violating HIPAA rules.
10. Small-scale Snooping
Here's a bit of shocking news: according to a 2011 survey by Veriphyr, the majority of HIPAA violations and security breaches are due to insiders who are snooping into the medical records of their co-workers and/or relatives. Without clearance levels, password protection, and tracking systems in place, this kind of snooping cannot be prevented.
What types of steps are you currently taking to avoid HIPAA violations within your facility?
Fig Gungor is CEO of OneSource Document Management, a New York-based company that offers a broad range of customized copy and scanning services that translate into significant savings for insurance companies, hospitals and large medical facilities.